[VIM] Adult Directory - site-specific?
str0ke
str0ke at milw0rm.com
Mon Jul 30 17:52:47 UTC 2007
Hey Steve,
Here is the information I have.
site: http://www.prozilla.com/
product: http://www.prozilla.com/item.php?item=65
demo: http://www.turnkeyzone.com/demos/adultdir/
/str0ke
On 7/30/07, Steven M. Christey <coley at mitre.org> wrote:
>
> Refs:
>
> http://www.milw0rm.com/exploits/4238
> FrSIRT/ADV-2007-2695
>
> One of our analysts observed:
>
> There is a substantial inconsistency in how the researcher specifies
> the product; it is not known whether the actual product is
> site-specific. In particular, the researcher says
> photo.sourceforge.net, which points to a SourceForge project named
> Photo Collection. There is only one version of Photo Collection
> available at SourceForge (1.3.1, from 20000803). This version does
> not have a directory.php or any use of cat_id. Also, the download
> has no mention of "Adult." The researcher provides a DORK field
> apparently intended for locating installations of the product, but
> nothing relevant was found as of 20070730. It is conceivable that
> the product in question is a distributable variant of the
> SourceForge Photo Collection product, with additional components
> such as directory.php.
>
>
> Anybody have more info?
>
> - Steve
>
More information about the VIM
mailing list