[VIM] old OdysseusBlog XSS report - possibly incorrect
Steven M. Christey
coley at mitre.org
Mon Jan 22 20:05:11 EST 2007
Ref: BUGTRAQ:20061116 OdysseusBlog => 1.0.0 Cross Site Scripting
I downloaded OdysseusBlog 1.0.0 and looked at the source. We have a
couple examples like this:
> $pid = $_GET['page'];
> $next = "<!--Next List if needed--><table border='0' cellspacing='0' cellpadding='5' width='100%'><tr><td><p align='right'><a href='home.php?user=$user&page=" . $pid - 1 ."'><< Previous 5</a> | <a href='home.php?user=$user&page=" . $pid + 1 . "'>Next 5 >></a></p></td></tr></table>";
$pid +- 1 would evaluate to 1 or -1, so this looks faulty.
Maybe there's a detailed error reporting level that would spit out a
message, but E_ALL didn't work for me. And even so, you get into XSS
within PHP's error reporting itself, whatever that bug was that they
fixed about a year ago.
More information about the VIM