[VIM] "PHP Script Index" a site-specific issue?

security curmudgeon jericho at attrition.org
Fri Apr 14 05:29:00 EDT 2006

: Refs: BID:17297, FRSIRT:ADV-2006-1158, SECUNIA:19443
: None of these refs had the original raw report, but OSVDB:24243 did:
:   http://osvdb.org/ref/24/24243-script_index.txt
: from this raw report, Preddy discusses "PHP Script Index", but I can't 
: find any information on a product by this name.  Preddy's demonstration 
: URL is site-specific - to a web site that just happens to be an index of 
: many PHP scripts.  Searching for "PHP Script Index" on this phpmaniacs 
: web site finds nothing.  Searching for "<abc>" yields a message 
: containing an unquoted <abc>.

Despite having the original disclosure, I spent extra time digging on this 
one for the same reason you did. Checking the vendor URL provided at the 
time didn't sit right with me.

However, by the end of my limited searching, all I came up with was a 
hunch it may be site specific, but nothing conclusive to prove one way or 
another. With a lack of details, I added it to OSVDB until more details 
could be dug up. It's rare that things are this murky but in the few cases 
it happens, the OSVDB unwritten policy is to include to be safe.

More information about the VIM mailing list