[VIM] yblog: distributable product
Steven M. Christey
coley at mitre.org
Mon Oct 2 18:23:55 EDT 2006
Ref:
Yblog => Cross Site Scripting
http://www.securityfocus.com/archive/1/archive/1/447427/100/0/threaded
Found some source here:
http://sourceforge.net/projects/y-blog/
With only a quick glance through the code, I was not able to verify
the researcher's claims. For example, "action" is only referenced a
few times in uss.php, apparently safely. However, I did not look
extensively for things like variable overwrite or dynamic variable
evaluation issues.
- Steve