[VIM] VERIFY Pluggedout Blog 1.9.9c problem.php XSS
Steven M. Christey
coley at mitre.org
Mon Feb 6 17:52:47 EST 2006
downloaded 1.9.9c as referenced here:
http://www.pluggedout.com/development/forums/viewtopic.php?t=831
I verified the XSS via source inspection.
problem.php has:
>switch ($_REQUEST["id"]){
...
> case "1":
...
> print "Problem with Database Result Code<br><br>".$_REQUEST["data"];
No include statements appear before this code, so there is no
cleansing going on.
A grep shows that problem.php is only referenced in "Location:"
headers from other scripts, one of which is a generic problem
reporting routine; so this is probably a case of a "direct request"
enabling the XSS, if anyone cares.
- Steve
More information about the VIM
mailing list