[VIM] Likely errors in PhpAuction report
security curmudgeon
jericho at attrition.org
Mon Jul 18 01:34:25 EDT 2005
: (CAN-2005-2252, CAN-2005-2253, and CAN-2005-2254 forthcoming)
:
: has a couple oddnesses about them. Specifically, some URLs contain
: "/phpauction-gpl-2.5/" whereas others don't.
:
: There is further evidence from the raw error outputs that some, or all,
: of these results were obtained by testing on a live web site.
:
: Given this, there is some evidence that the "viewnews.php" and
: "login.php" errors are specific to the live web site and *not* the
: PhpAuction product; however the PhpAuction source code isn't available
: so I can't be sure.
Have you mailed the vendor about this? If not, I will.
More information about the VIM
mailing list