[VIM] Generic vs. Specific XSS in phpCodeCabinet 0.4
jericho at attrition.org
Sun May 22 03:12:23 EDT 2005
: The generic issue probably comes from the changelog here:
We often get entries from changelogs.. this one was due to the ISS entry
though, which references the changelog.
: Looks like OSVDB had garnered the CVS diff's for some of these files,
: namely comments.php (OSVDB:3885), category.php (OSVDB:3886), and
: input.php (OSVDB:3887).
yep. i dug into the CVS at the time and found those 3 with specific
mention of security fixes.
: There's also a generic identifier (OSVDB:3920), which points to a
: generic item from ISS X-Force - phpcodecabinet-multiple-xss(15190) -
: which in turn points to the previously mentioned changelog. OSVDB:3920
: also points to Secunia's SA10862, which is also generic, and credits
: Yao-Wen, which effectively links back to the same changelog.
this is a dupe to the other 3, yep. will remove
: Each of these files has an item in January 2004 that says:
: Fixed http script injection vulnerabilities.
: Those files are:
interesting. the night i checked, only the 3 had them. wonder if the other
3 surfaced a day or two after i made entries..
: So, the infosources that use generic *and* specific entries for
: phpCodeCabinet 0.4 XSS now have a little more information to work with.
Sure does, thanks for catching this!
More information about the VIM