[VIM] a question of credit
jericho at attrition.org
Mon Jun 5 01:38:08 EDT 2006
We're seeing more and more of these types of disclosures lately, and I
know several of us have talked about them and groan each time they happen.
So, examine these two clips:
---------- Forwarded message ----------
From: kubasx at gmail.com
To: bugtraq at securityfocus.com
Date: 30 May 2006 18:47:16 -0000
Subject: toendaCMS 0.7.0 Cross Site Scripting
Discovery By: Jokubas.S
Input passed to the "print_url" variable via _SERVER[QUERY_STRING] in
engine/extensions/ext_footer/content_footer.php is not properly sanitised
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context of
an affected site.
Successful exploitation requires that the user is running a browser that
has not URL-encoded the request (e.g. Internet Explorer).
Now, who really deserves credit here? Jokubas.S obviously pasted in some
boring XSS code and saw a pop up window then posted to Bugtraq. But he
didn't know or disclose this is apparently only valid in MSIE, that the
flaw stems from a problem in content_footer.php, etc.
More information about the VIM