[VIM] Bugtraq Ids 37702 vs 43591
rkeith at securityfocus.com
Thu Sep 30 14:49:57 CDT 2010
We concur with this, and will be retiring 43591 shortly.
George A. Theall wrote:
> The newly-created Bugtraq Id 43591 covers a SQL injection in a product
> named MyPhpAuction -- apparently user input to the 'id' parameter of the
> 'product_desc.php' is not sanitized before being used in a database
> query. SecurityFocus gives as a PoC:
> Notice the "zeeauctions_admin"? Looks like the product is just a
> rebranded version of that, no? And indeed, if you go to the product page
> (http://galaxyscriptz.com/products/MyPhpAuction-2010.html), you'll
> notice the demo links to
> http://www.canadianelitehosting.com/Demos/ZeeAuctions/, which appears to
> be that based on its banner.
> Given this, the BID seems to be a dup of BID 37702, which gives as a PoC:
> I'm not clear about the attribution, but this seems to correspond to EDB
> Id 11047 although it's been truncated (cut-and-paste error?).
> Taking this into consideration, these two BIDs seem to be duplicates.
> Rob, did you guys at SecurityFocus look into this at all?