[VIM] old OdysseusBlog XSS report - possibly incorrect

Steven M. Christey coley at mitre.org
Mon Jan 22 20:05:11 EST 2007

Researcher: the_Edit0r

Ref: BUGTRAQ:20061116 OdysseusBlog => 1.0.0 Cross Site Scripting

I downloaded OdysseusBlog 1.0.0 and looked at the source.  We have a
couple examples like this:

> $pid = $_GET['page'];
>  $next = "<!--Next List if needed--><table border='0' cellspacing='0' cellpadding='5' width='100%'><tr><td><p align='right'><a href='home.php?user=$user&page=" . $pid - 1 ."'>&lt;&lt; Previous 5</a> | <a href='home.php?user=$user&page=" . $pid + 1 . "'>Next 5 &gt;&gt;</a></p></td></tr></table>";

$pid +- 1 would evaluate to 1 or -1, so this looks faulty.

Maybe there's a detailed error reporting level that would spit out a
message, but E_ALL didn't work for me.  And even so, you get into XSS
within PHP's error reporting itself, whatever that bug was that they
fixed about a year ago.

- Steve

More information about the VIM mailing list