[VIM] Adult Directory - site-specific?
Steven M. Christey
coley at mitre.org
Mon Jul 30 16:00:56 UTC 2007
Refs:
http://www.milw0rm.com/exploits/4238
FrSIRT/ADV-2007-2695
One of our analysts observed:
There is a substantial inconsistency in how the researcher specifies
the product; it is not known whether the actual product is
site-specific. In particular, the researcher says
photo.sourceforge.net, which points to a SourceForge project named
Photo Collection. There is only one version of Photo Collection
available at SourceForge (1.3.1, from 20000803). This version does
not have a directory.php or any use of cat_id. Also, the download
has no mention of "Adult." The researcher provides a DORK field
apparently intended for locating installations of the product, but
nothing relevant was found as of 20070730. It is conceivable that
the product in question is a distributable variant of the
SourceForge Photo Collection product, with additional components
such as directory.php.
Anybody have more info?
- Steve
More information about the VIM
mailing list