[VIM] ASP-DEV XM Forum RC3 XSS - unable to verify

Steven M. Christey coley at mitre.org
Thu Dec 15 01:47:00 EST 2005


Apparent reporter: Dj_Eyes

BID: 15858

Original report not locatable.

Claim: XSS in forum.asp via forum_title, in ASP-DEV XM Forum RC3

Problem:

> lynx 'http://www.asp-dev.com/download.asp?did=1'
> unzip ASPXMForum-RC3.zip
> cd Forum_RC3/
> grep -i forum_title `find . -type file`

  --> yields nothing

> grep -i forum_id `find . -type file`

  --> yields nothing


(and leave me alone about my little find lameness)



Note: might be AliveSites instead.


- Steve


More information about the VIM mailing list