[VIM] "Phil's Bookmark" looks, smells site-specific
Steven M. Christey
coley at mitre.org
Thu Feb 22 14:22:19 EST 2007
I're cleaning out leftover 2006 references for CVE, which is why I'm
posting about so many old issues.
Refs: Phil's Bookmark script admin By-pass
http://www.securityfocus.com/archive/1/archive/1/433222/30/5130/threaded
I followed up asking "is this site-specific"?
http://www.securityfocus.com/archive/1/archive/1/433441/30/5100/threaded
The response here:
http://www.securityfocus.com/archive/1/archive/1/433869/30/5040/threaded
was "Yes, there really is a issue here. If you take time and don't
just look at the first 2-3 pages in google. Phil's Bookmark is a
bookmark script." Naturally, there was no actual URL provided.
So Googling about I was only able to find this:
Phil's Bookmark Thingy
www.baskette.com/bookmarks/index.php?showall=1
Looking around, you can see various successful hacks. So the issue is
real, anyway. In an ironic twist, someone (perhaps not Phil) added
links to various internet security sites.
The page appears to be run by a guy named Phil. There is no contact
information, otherwise I'd send an inquiry.
Google doesn't return any more results for "Phil's Bookmark script"
besides the Bugtraq post and related messages. I looked through
everything.
So, I'm thinking site-specific here.
- Steve
More information about the VIM
mailing list