[VIM] Bugtraq IDs 32763 and 42836
George A. Theall
theall at tenable.com
Tue Sep 21 12:21:08 CDT 2010
It seems like Bugtraq ID 42836 covers one of the vulnerabilities in
Max's Guestbook already covered by Bugtraq ID 32763 -- failure to
sanitize input to the 'name' parameter.
While the newer BID talks about this parameter in "the 'Comment'
section", I'm not clear what that is or if it's different from a
guestbook message itself. I don't find mention of 'comment' in the PHP
code. Nor do I see it in any live sites I've looked at.
theall at tenablesecurity.com