[VIM] [TRUE] Serious holes affecting JFFNMS

Noam Rathaus noamr at beyondsecurity.com
Mon Jun 11 06:44:55 UTC 2007


I am able to confirm the XSS, and at least that the data isn't filtered, so 
SQL is possible, though the sample doesn't appear to work on the demo web 
site as the site appears to escape ' characters.

  Noam Rathaus
  1616 Anderson Rd.
  McLean, VA 22102
  Tel: 703.286.7725 extension 105
  Fax: 888.667.7740
  noamr at beyondsecurity.com
-------------- next part --------------
An embedded message was scrubbed...
From: Tim Brown <timb at nth-dimension.org.uk>
Subject: Serious holes affecting JFFNMS
Date: Sun, 10 Jun 2007 20:53:41 +0100
Size: 9950
Url: http://www.attrition.org/pipermail/vim/attachments/20070611/27dff764/attachment-0001.mht 
