[VIM] QuizShock v1.5.5 XSS Vulnerability

George A. Theall theall at tenablesecurity.com
Sun Jan 3 03:01:31 UTC 2010


Exploit DB 10854 / Bugtraq 37552 looks like the same issue reported in  
April 2007 by John Martinelli and covered by CVE-2007-1905 / Bugtraq  
23368 / OSVDB 34777 -- both involve the 'forward_to' parameter of the  
'auth.php' script in QuizShock, although indoushka's recent advisory  
covers an earlier version (1.5.5) compared with Martinelli (1.6.1).

George
-- 
theall at tenablesecurity.com




