[VIM] [TRUE] Serious holes affecting JFFNMS
Noam Rathaus
noamr at beyondsecurity.com
Mon Jun 11 06:44:55 UTC 2007
Hi,
I am able to confirm the XSS, and at least that the data isn't filtered so
SQL is possible, though the sample doesn't appear to work on the demo web
site as the site appears to escape ' characters.
--
Noam Rathaus
CTO
1616 Anderson Rd.
McLean, VA 22102
Tel: 703.286.7725 extension 105
Fax: 888.667.7740
noamr at beyondsecurity.com
http://www.beyondsecurity.com
-------------- next part --------------
An embedded message was scrubbed...
From: Tim Brown <timb at nth-dimension.org.uk>
Subject: Serious holes affecting JFFNMS
Date: Sun, 10 Jun 2007 20:53:41 +0100
Size: 9950
Url: http://www.attrition.org/pipermail/vim/attachments/20070611/27dff764/attachment-0001.mht