[VIM] discuss: MaxWebPortal as an example

Sullo sullo at cirt.net
Sat May 14 21:59:23 EDT 2005

security curmudgeon wrote:

>The question to consider is, why didn't either of the researchers find all 
>of these injections? Why were there 14 days between Soroush's two groups?
>Any speculation as to why we would see such a disclosure pattern?

I suspect they just got bored & took a few days off. When I was messing 
with cPanel the same happened, even though there were a lot more 
vulns... then a few days later I notified them of some more... then I 
just gave up because it was just Swiss cheese. Had someone else been 
looking at the same time, they may have found 20 different problems than 
I did.

But that's a guess. Who knows.


