[VIM] discuss: MaxWebPortal as an example
Sullo
sullo at cirt.net
Sat May 14 21:59:23 EDT 2005
security curmudgeon wrote:
>The question to consider is, why didn't either of the researchers find all
>of these injections? Why was there 14 days between Soroush's two groups?
>
>Any speculation as to why we would see such a disclosure pattern?
>
>
I suspect they just got bored & took a few days off. When I was messing
with cPanel the same happened, even though there were a lot more
vulns... then a few days later I notified them of some more... then I
just gave up because it was just Swiss cheese. Had someone else been
looking at the same time, they may have found 20 different problems than
I did.
But that's a guess. Who knows.
--
http://www.cirt.net/ | http://www.osvdb.org/