[VIM] QBv14 is a real downloadable product
Steven M. Christey
coley at mitre.org
Thu May 25 01:18:10 EDT 2006
Ref:
BUGTRAQ:20060522 QBv14 XSS
URL:http://www.securityfocus.com/archive/1/archive/1/434823/100/0/threaded
I noticed vdb's haven't touched this yet. They must still be poring
over the comprehensive details that were provided for this wildly
popular product.
A zip file was available from here:
http://www.hotscripts.pl/downloads/php6/?M=A
I dunno if it's got XSS, but I glanced at acc.php and saw this:
    if ($_GET['request'] == "") {
        $page = "actions/main.php";
    }
    else {
        $page = "actions/" . $_GET['request'] . ".php";
    }
    include $page;
which, um, looks kinda suspicious.
- Steve
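
The acc.php dispatch quoted above builds the include path directly from the request parameter. One way to constrain it, as an added example that is not QBv14's code and not part of the original post; resolve_page, ACTIONS_DIR and the page names are hypothetical:

```php
<?php
// Added example, not QBv14 code; the page names are hypothetical.
// The request value is used only as a key into a fixed allowlist and is
// never concatenated into the path handed to include.

const ACTIONS_DIR = __DIR__ . '/actions';

const ALLOWED_PAGES = [
    'main'    => 'main.php',
    'profile' => 'profile.php',
    'logout'  => 'logout.php',
];

/**
 * Map the raw request parameter to a file under actions/.
 * Returns null for anything that is not an exact allowlist key.
 */
function resolve_page($request)
{
    // Missing or empty parameter: default page, as in the original code.
    if ($request === null || $request === '') {
        return ACTIONS_DIR . '/' . ALLOWED_PAGES['main'];
    }
    // request[]=x arrives as an array; reject every non-string.
    if (!is_string($request) || !array_key_exists($request, ALLOWED_PAGES)) {
        return null;
    }
    return ACTIONS_DIR . '/' . ALLOWED_PAGES[$request];
}

// In acc.php the dispatch would become:
//   $page = resolve_page($_GET['request'] ?? null);
//   if ($page === null) { http_response_code(404); exit; }
//   include $page;

// Constructed inputs, so the file runs from the command line.
$samples = [null, '', 'main', 'profile', 'no-such-page', ['x']];
foreach ($samples as $sample) {
    $page = resolve_page($sample);
    printf("%-16s => %s\n", json_encode($sample), $page === null ? 'rejected (404)' : $page);
}
```

Because the included path is assembled only from constants, adding a page means adding an allowlist entry rather than relaxing a filter on the parameter.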