[VIM] CVE-2007-3242 (fwd)

Steven M. Christey coley at linus.mitre.org
Wed Jun 20 19:50:44 UTC 2007

Remember the web-app.net vs. web-app.org debacle?  Here's a little more.

- Steve

---------- Forwarded message ----------
Date: Tue, 19 Jun 2007 15:00:27 -0700 (PDT)
To: cve at mitre.org
Subject: CVE-2007-3242
This is complete nonsense.

WebAPP (the real one from http://www.web-app.net ) filters it out; it uses
tainting/untainting. Why don't you guys check things before posting this
sort of nonsense? It's not the first time you give us at http://www.web-app.net
"credits" for security findings in piratical imitations of our script.

Please check our script version and correct this article.

You will see this:
if ($op eq "Edit") {
And this:
	unless ($input_to_check =~ /^[\w  \:\.\/?-]/ ){
	error("You entered an invalid character. You may only enter letters,
slashes, numbers, underscores, spaces, periodes, points, questions marks
and hyphens. Kindly try again.");

Thank you
On Elpeleg
Security Team, WebAPP
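As an added illustration that is not part of the forwarded message or of the WebAPP code, the quoted character-class test is re-expressed in Python next to a fully anchored form of the same whitelist and run over a few constructed inputs. The function names, the sample values and the duplicated space being collapsed to one are assumptions of this example.

```python
import re

# The character class quoted above: word characters, space, colon, period,
# slash, question mark and hyphen (the doubled space in the original is
# redundant inside a class and is written once here).
ALLOWED_CLASS = r"[\w :./?-]"

# As quoted: anchored only at the start and without a quantifier, so the
# match succeeds as soon as the first character is in the class.
QUOTED_PATTERN = re.compile("^" + ALLOWED_CLASS)

# Fully anchored form: every character must be in the class and the value
# may not be empty. fullmatch() anchors at both ends without the
# trailing-newline quirk of "$".
ANCHORED_PATTERN = re.compile(ALLOWED_CLASS + "+")


def passes_quoted_check(value: str) -> bool:
    """Mirror of the quoted `unless ($input =~ /^[...]/)` test: True if accepted."""
    return QUOTED_PATTERN.match(value) is not None


def passes_anchored_check(value: str) -> bool:
    """Whitelist test that inspects the whole value, not only its first character."""
    return ANCHORED_PATTERN.fullmatch(value) is not None


# Constructed sample inputs: two that the whitelist should accept, one with a
# disallowed character after an allowed first character, one with a disallowed
# first character, and the empty string.
SAMPLE_INPUTS = ["Edit", "docs/readme-v2.txt", "a|b", "|a", ""]


def compare(values=SAMPLE_INPUTS):
    """Return {value: (quoted_result, anchored_result)} for each sample input."""
    return {v: (passes_quoted_check(v), passes_anchored_check(v)) for v in values}


if __name__ == "__main__":
    for v, (quoted, anchored) in compare().items():
        print(f"{v!r:22} quoted={quoted!s:5} anchored={anchored}")
```

The two checks agree on all inputs except "a|b", which the quoted form accepts because only its first character is examined.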
