| lists.openwall.net | lists / announce john-users owl-users popa3d-users / xvendor oss-security / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 | |
|
Open Source and information security mailing list archives
| ||
|
Date: 2 Oct 2007 19:28:19 -0000 From: james@...balmegacorp.org To: bugtraq@...urityfocus.com Subject: Re: dvddb-0.6 media sql-inj. vuln. This exploit is incorrect. There is no SQL injection attack here. The $user variable is sanitized prior to passing to the function in common.php, and calling the file directly does nothing because it's just a function definition.