[VIM] Bugtraq Ids 37702 vs 43591

George A. Theall theall at tenable.com
Thu Sep 30 11:40:51 CDT 2010

The newly-created Bugtraq Id 43591 covers a SQL injection in a product  
named MyPhpAuction -- apparently user input to the 'id' parameter of  
the 'product_desc.php' script is not sanitized before being used in a  
database query. SecurityFocus gives as a PoC:


Notice the "zeeauctions_admin"? Looks like the product is just a  
rebranded version of that, no? And indeed, if you go to the product  
page (http://galaxyscriptz.com/products/MyPhpAuction-2010.html),  
you'll notice the demo links to http://www.canadianelitehosting.com/Demos/ZeeAuctions/,  
which appears to be that based on its banner.

Given this, the BID seems to be a dup of BID 37702, which gives as a  


I'm not clear about the attribution, but this seems to correspond to  
EDB Id 11047 although it's been truncated (cut-and-paste error?).

Taking this into consideration, these two BIDs seem to be duplicates.  
Rob, did you guys at SecurityFocus look into this at all?

theall at tenablesecurity.com
