[VIM] CVE-2007-3242 (fwd)
str0ke at milw0rm.com
Wed Jun 20 20:17:37 UTC 2007
Let me get this right.
web-app.org is the real product?
web-app.net is the copy product?
Checking the first character only was pretty funny :)
On 6/20/07, Steven M. Christey <coley at linus.mitre.org> wrote:
> On Wed, 20 Jun 2007, security curmudgeon wrote:
> > http://archives.neohapsis.com/archives/bugtraq/2007-06/0160.html
> > "There is a system access vulnerability in the Menu Manager Mod for
> > WebAPP."
> > The original disclosure doesn't mention if it is the "real" WebAPP or the
> > other one.
> It does mention this, though:
> the vulnerability also exists in the "WebAPP NE" script that is being
> distributed from web-app.net
> > It doesn't say if this is for WebAPP (from .net or .org).
> Maybe this mod works on both, but then:
> > Wait, the vulnerability was reported in a modular add-on to Web-App, why
> > would the code be in your script, unless it was distributed with it?
> Which is now my question, too, besides the one about the weird input
> validation of only the first character.
> - Steve