[VIM] Likely errors in PhpAuction report
security curmudgeon
jericho at attrition.org
Fri Aug 26 02:18:44 EDT 2005
: (CAN-2005-2252, CAN-2005-2253, and CAN-2005-2254 forthcoming)
:
: has a couple oddnesses about them. Specifically, some URLs contain
: "/phpauction-gpl-2.5/" whereas others don't.
:
: There is further evidence from the raw error outputs that some, or all,
: of these results were obtained by testing on a live web site.
:
: Given this, there is some evidence that the "viewnews.php" and
: "login.php" errors are specific to the live web site and *not* the
: PhpAuction product; however the PhpAuction source code isn't available
: so I can't be sure.
:
: Normally I might not comment on this but if I'm right, then a lot of
: DBs didn't catch this.
Mailed the vendor originally, fast reply saying they were auditing and
would confirm. Didn't hear back, pinged them a week ago and still no
reply. Bleh.