[VIM] a-forum xss - who? what? where?

Steven M. Christey coley at linus.mitre.org
Wed Jan 24 18:15:27 EST 2007

from a CVE analyst who decided to dig a little deeper...

ACCURACY: The script can be downloaded from
www.phpscripts-fr.net/scripts/script.php?id=346. On this page, there
is a house icon that points to www.mistersp.com, suggesting that the
author of this www.phpscripts-fr.net page believed that
www.mistersp.com was the home web site associated with the script.
This was not directly confirmed. This page also says "A-Forum par
Arnaud Guyonne." The domain registrant for mistersp.com is Danielle
Guyonne (same last name). The download contains "Copyright Arnotic
1999 - 2000." According to forum.kimsufi.com/member.php?u=177, Arnaud
Guyonne uses the nickname Arnotic. Thus, the contents of the download
map to the name Guyonne, and thus map (given an apparent family
connection) to mistersp.com.

ACCURACY: psuedo was a misspelling by the researcher.

More information about the VIM mailing list