[VIM] VERIFY Pluggedout Blog 1.9.9c problem.php XSS

Steven M. Christey coley at mitre.org
Mon Feb 6 17:52:47 EST 2006


Downloaded 1.9.9c as referenced here:

  http://www.pluggedout.com/development/forums/viewtopic.php?t=831

I verified the XSS via source inspection.

problem.php has:

>switch ($_REQUEST["id"]){
...
>	case "1":
...
>		print "Problem with Database Result Code<br><br>".$_REQUEST["data"];


No include statements appear before this code, so there is no
cleansing going on.

A grep shows that problem.php is only referenced in "Location:"
headers from other scripts, one of which is a generic problem
reporting routine; so this is probably a case of a "direct request"
enabling the XSS, if anyone cares.

- Steve
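
The source inspection described in the post (request data concatenated straight into a `print`, with no include before it that could cleanse input) can be approximated with a small line-based scanner. This is an added example, not part of the original message or of Pluggedout Blog; the sample PHP, its hardened variant and the function name `audit` are constructed for illustration, and the regex heuristics are assumptions that will miss multi-line or indirect flows.

```python
import re

# Constructed sample modelled on the fragment quoted in the post; the
# elided parts of problem.php are not reproduced.
SAMPLE = '''<?php
switch ($_REQUEST["id"]){
    case "1":
        print "Problem with Database Result Code<br><br>".$_REQUEST["data"];
        break;
}
'''

# Constructed hardened counterpart: same message, HTML-encoded before output.
FIXED = SAMPLE.replace(
    '.$_REQUEST["data"];',
    '.htmlspecialchars($_REQUEST["data"], ENT_QUOTES, "UTF-8");')

SINK = re.compile(r'\b(?:print|echo)\b')
SOURCE = re.compile(r'\$_(?:REQUEST|GET|POST|COOKIE)\s*\[[^\]]*\]')
ENCODER = re.compile(r'\b(?:htmlspecialchars|htmlentities|intval|urlencode)\s*\($')
INCLUDE = re.compile(r'^\s*(?:include|require)(?:_once)?\b')


def audit(php_source):
    """Return findings for request input printed without an encoder.

    Heuristic and line-based: each finding records the line number, the
    input expression, and whether any include/require appeared earlier
    (a place where central cleansing could have been applied).
    """
    findings, include_seen = [], False
    for lineno, line in enumerate(php_source.splitlines(), 1):
        if INCLUDE.match(line):
            include_seen = True
        if not SINK.search(line):
            continue
        for m in SOURCE.finditer(line):
            # Treated as encoded only when the input is the first
            # argument of a known encoder call.
            if not ENCODER.search(line[:m.start()].rstrip()):
                findings.append({"line": lineno, "input": m.group(0),
                                 "include_before": include_seen})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```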

