[VIM] TRUE: Open Translation Engine (OTE) 0.7.8 RFI (+ XSS)
Heinbockel, Bill
heinbockel at mitre.org
Mon May 7 15:48:49 UTC 2007
MILW0RM: 3838
BID:23793
In the OTE 0.7.8 package:
File dev/skin/header.php (line 11):
include($ote_home . '/skins/css.php');
Additionally, there appear to be some XSS issues
later on (lines 13-17):
...
?><title><? echo $title ?></title>
</head><body><form><table border="0" cellpadding="0"
cellspacing="0" class="head
<tr>
<td width="60" class="header_reverse"><a href="<? echo $web_url
. '/'; ?>"><b>OTE</b></a></td>
<td class="header_small"><? echo $title ?></td>
...
As you can see, the title and web_url parameters are neither defined
nor passed through htmlspecialchars() or similar.
William Heinbockel
Infosec Engineer, Sr.
The MITRE Corporation
202 Burlington Rd. MS S145
Bedford, MA 01730
heinbockel at mitre.org
781-271-2615
More information about the VIM
mailing list