[VIM] WS-Album - "PublisedDate" is correct, source verify, new vector
Steven M. Christey
coley at mitre.org
Thu Jun 15 00:35:47 EDT 2006
Ref: http://pridels.blogspot.com/2006/06/ws-album-xss-vuln.html
parameter "PublisedDate" looked like a typo, but a grep of the source
code says it's right.
Oh, and by source inspection, the issue is valid. From
AlbumPhoto/FullPhoto.asp:
PublisedDate = request("PublisedDate")
...
<font size="1"><%=PublisedDate%></font><br><br><img
src="<%=image%>">
and here we get a bonus XSS since I happened to notice this:
image = request("image")
...
<font size="1"><%=PublisedDate%></font><br><br><img src="<%=image%>">
- Steve
More information about the VIM
mailing list