[VIM] Inquiry sent to NZ Ecommerce vendor
Steven M. Christey
coley at mitre.org
Wed Mar 8 21:27:36 EST 2006
Regarding the XSS and SQL injection issues in NZ Ecommerce here:
http://pridels.blogspot.com/2006/03/nz-ecommerce-sqlxss-vuln.html
The vendor included a blog comment that said he could not reproduce
the issues.
I researched things a little bit, and it appears that the report is
legit. I've sent a followup email to the vendor with my findings.
I'll let you know when I hear something.
Hmmmmmm... while I was composing this email, I received some sort of
bounce error from the vendor's site. Guess I'll have to try later...
- Steve
More information about the VIM
mailing list