[VIM] FileLister - ummmmmmmm, what?

Steven M. Christey coley at mitre.org
Tue Dec 6 01:03:03 EST 2005

This is an odd one.

r0t posted an SQL injection vuln in FileLister via "the search


Secunia, SecurityFocus, and FrSIRT all describe a FileLister vuln, but
instead of SQL injection, they say it's XSS, and they also say it's
the "searchwhat" parameter in definesearch.jsp.

They all point to r0t's SQL injection post.

So, to repeat the subject line...

ummmmmmmm, what?

For those who want to investigate, "searchwhat" only appears in
definesearch.jsp and

- Steve

