[VIM] FileLister - ummmmmmmm, what?
Steven M. Christey
coley at mitre.org
Tue Dec 6 01:03:03 EST 2005
This is an odd one.

r0t posted an SQL injection vuln in FileLister via "the search
parameters":

http://pridels.blogspot.com/2005/12/filelister-sql-inj-vuln.html

Secunia, SecurityFocus, and FrSIRT all describe a FileLister vuln, but
instead of SQL injection, they say it's XSS, and they also say it's
the "searchwhat" parameter in definesearch.jsp.

They all point to r0t's SQL injection post.

So, to repeat the subject line...

ummmmmmmm, what?

For those who want to investigate, "searchwhat" only appears in
definesearch.jsp and
src/org/alltimeflashdreamer/filelister/SearchParameters.java

- Steve