[VIM] true: WebMod 0.48 XSS
Steven M. Christey
coley at mitre.org
Tue Oct 16 21:39:27 UTC 2007
Wide publication by SECUNIA:27245
Seems to be related to a post by "nemessis" at
http://sla.ckers.org/forum/read.php?3,44,11482#msg-11482
Seems to be live on some servers based on Google search results.
source: http://djeyl.net/files.php#webmod
auth.w appears to utilize a custom or non-typical programming language
mixed with HTML, probably called W, without any apparent documentation
in the WebMod package. Commands are encoded within "{}".
The relevant line is:
<form action="auth.w?redir={G.redir}" method="post" name="authform">
where, from context in other source code, "G" is an
array/hash/structure that contains values from GET requests.
- Steve