[VIM] QBv14 is a real downloadable product

Steven M. Christey coley at mitre.org
Thu May 25 01:18:10 EDT 2006


   BUGTRAQ:20060522 QBv14 XSS

I noticed vdb's haven't touched this yet.  They must still be poring
over the comprehensive details that were provided for this wildly
popular product.

A zip file was available from here:


I dunno if it's got XSS, but I glanced at acc.php and saw this:

  if ($_GET['request'] == "") {
      $page = "actions/main.php";
  } else {
      $page = "actions/" . $_GET['request'] . ".php";
  }
  include $page;

which, um, looks kinda suspicious.

- Steve
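For comparison, here is how that dispatcher looks when the request parameter is never allowed to reach include(). This is an added example, not code from the original post or from QBv14; the action names in the allowlist are constructed placeholders, since the product's real action list is not on the page.

```php
<?php
// Added example (not from the original post or from QBv14): a hardened
// version of the acc.php dispatcher quoted above. Action names below are
// constructed placeholders; the product's real action list is unknown.

// Explicit allowlist of action names that may be dispatched. Anything not
// listed is rejected, so the raw request string is never used to build a
// filesystem path.
const ALLOWED_ACTIONS = [
    'main'   => 'actions/main.php',
    'login'  => 'actions/login.php',
    'logout' => 'actions/logout.php',
];

/**
 * Map the untrusted ?request= value to a fixed script path.
 * Returns the path for a known action, or null for anything else.
 */
function resolve_action(?string $request): ?string
{
    // Same default as the original snippet: empty request -> main page.
    if ($request === null || $request === '') {
        return ALLOWED_ACTIONS['main'];
    }
    // Pure table lookup; the user-supplied string is never concatenated
    // into a path, so "../" sequences or remote URLs have no effect.
    return ALLOWED_ACTIONS[$request] ?? null;
}

$page = resolve_action($_GET['request'] ?? null);

if ($page === null) {
    http_response_code(404);
    // Do not reflect the raw request value back into the response.
    echo 'Unknown action';
    exit;
}

include $page;
```

The design choice is to make the set of includable files a compile-time constant: the branch on `$_GET['request']` is replaced by a lookup, so a reviewer can see every file that can ever be included without tracing string concatenation, and an unknown value produces a 404 rather than an include of whatever path the string spelled out.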

