[VIM] Re: ASP-DEV XM Forum RC3 XSS - unable to verify
Steven M. Christey
coley at linus.mitre.org
Thu Dec 15 02:01:02 EST 2005
By the way, "posts.asp" (CVE-2005-1008) does not appear to exist in the
source code for ASP-DEV XM Forum RC3; it might be post.asp.
On Thu, 15 Dec 2005, Steven M. Christey wrote:
>
> Apparent reporter: Dj_Eyes
>
> BID: 15858
>
> Original report not locatable.
>
> Claim: XSS in forum.asp via forum_title, in ASP-DEV XM Forum RC3
>
> Problem:
>
> > lynx 'http://www.asp-dev.com/download.asp?did=1'
> > unzip ASPXMForum-RC3.zip
> > cd Forum_RC3/
> > grep -i forum_title `find . -type file`
>
> --> yields nothing
>
> > grep -i forum_id `find . -type file`
>
> --> yields nothing
>
>
> (and leave me alone about my little find lameness)
>
>
>
> Note: might be AliveSites instead.
>
>
> - Steve
>
More information about the VIM
mailing list