[VIM] a question of credit

security curmudgeon jericho at attrition.org
Mon Jun 5 01:38:08 EDT 2006

We're seeing more and more of these types of disclosures lately, and I 
know several of us have talked about them and groan each time they happen.

So, examine these two clips:


---------- Forwarded message ----------
From: kubasx at gmail.com
To: bugtraq at securityfocus.com
Date: 30 May 2006 18:47:16 -0000
Subject: toendaCMS 0.7.0 Cross Site Scripting

Discovery By: Jokubas.S
Example: http://target/?id=[XSS]
irc.data.lt #offence



Input passed to the "print_url" variable via _SERVER[QUERY_STRING] in 
engine/extensions/ext_footer/content_footer.php is not properly sanitised 
before being returned to the user. This can be exploited to execute 
arbitrary HTML and script code in a user's browser session in context of 
an affected site.

Successful exploitation requires that the user is running a browser that 
has not URL-encoded the request (e.g. Internet Explorer).


Now, who really deserves credit here? Jokubas.S obviously pasted in some 
boring XSS code and saw a pop up window then posted to Bugtraq. But he 
didn't know or disclose this is apparently only valid in MSIE, that the 
flaw stems from a problem in content_footer.php, etc.

More information about the VIM mailing list