[VIM] Inquiry sent to NZ Ecommerce vendor

Steven M. Christey coley at mitre.org
Wed Mar 8 21:27:36 EST 2006


Regarding the XSS and SQL injection issues in NZ Ecommerce here:

  http://pridels.blogspot.com/2006/03/nz-ecommerce-sqlxss-vuln.html

The vendor included a blog comment that said he could not reproduce
the issues.

I researched things a little bit, and it appears that the report is
legit.  I've sent a followup email to the vendor with my findings.
I'll let you know when I hear something.

Hmmmmmm... while I was composing this email, I received some sort of
bounce error from the vendor's site.  Guess I'll have to try later...

- Steve


More information about the VIM mailing list