[VIM] TRUE: Open Translation Engine (OTE) 0.7.8 RFI (+ XSS)

Heinbockel, Bill heinbockel at mitre.org
Mon May 7 15:48:49 UTC 2007


MILW0RM: 3838
BID:23793

In the OTE 0.7.8 package:

File dev/skin/header.php (line 11):
	include($ote_home . '/skins/css.php');


Additionally, there appear to be some XSS issues
later on (lines 13-17):
	...
	?><title><? echo $title ?></title>
	</head><body><form><table border="0" cellpadding="0" cellspacing="0" class="head
	<tr>
	<td width="60" class="header_reverse"><a href="<? echo $web_url . '/'; ?>"><b>OTE</b></a></td>
	<td class="header_small"><?  echo $title ?></td>
	...

As you can see, the title and web_url parameters are neither defined
nor passed through htmlspecialchars() or similar.


William Heinbockel
Infosec Engineer, Sr.
The MITRE Corporation
202 Burlington Rd. MS S145
Bedford, MA 01730
heinbockel at mitre.org
781-271-2615
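The following is an added example, not code from the OTE package or from the report above. It shows a hardened form of the header pattern the report describes: the include base path is fixed from the application's own location rather than taken from an undefined variable, the resolved path is checked to stay inside that directory, and the values interpolated into the markup are escaped for HTML. The function names (safe_include, h, render_header), the constant OTE_HOME and the sample values are assumptions made for this example; only the variable names $ote_home, $title and $web_url come from the advisory.

```php
<?php
// Added example (not OTE's own code): hardened header rendering.
// Assumed names: OTE_HOME, safe_include(), h(), render_header().
declare(strict_types=1);

// 1. Never let the include base path come from request data. Define it
//    once from the script's own location, so neither register_globals
//    nor a missing assignment can let the request populate $ote_home.
define('OTE_HOME', __DIR__);

// 2. Include only a fixed relative name, resolved against OTE_HOME, and
//    refuse anything whose real path falls outside that directory.
//    realpath() never resolves a remote URL, so those are rejected too.
function safe_include(string $relative): bool
{
    $base = realpath(OTE_HOME);
    $path = realpath(OTE_HOME . '/' . $relative);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return false;
    }
    include $path;
    return true;
}

// 3. Escape every value placed into HTML. ENT_QUOTES covers attribute
//    context (the href built from $web_url) as well as element text.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// 4. A link target is also a URL, so escaping alone is not enough:
//    only accept http/https schemes before emitting it into href.
function safe_link(string $url): string
{
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!in_array(strtolower((string) $scheme), ['http', 'https'], true)) {
        return '/';   // fall back to a site-relative root
    }
    return $url . '/';
}

// Build the header from explicitly passed values instead of whatever
// $title and $web_url happen to hold at include time.
function render_header(string $title, string $web_url): string
{
    $out  = '<title>' . h($title) . "</title>\n";
    $out .= '<table border="0" cellpadding="0" cellspacing="0">' . "\n";
    $out .= '<tr><td width="60" class="header_reverse"><a href="'
          . h(safe_link($web_url)) . '"><b>OTE</b></a></td>' . "\n";
    $out .= '<td class="header_small">' . h($title) . "</td></tr>\n";
    return $out;
}

// Constructed sample values with characters that would alter the markup
// if emitted unescaped; the output shows them neutralised.
$sample_title = 'Translations & "Help" <menu>';
$sample_url   = 'http://example.invalid';

echo render_header($sample_title, $sample_url);
// A css.php that does not exist under OTE_HOME is simply not included.
var_dump(safe_include('skins/css.php'));
```

The point of the example is that the two fixes are independent: the include problem is solved by never deriving the path from a variable the request can influence, and the output problem is solved by escaping at the point of emission, with an additional scheme check because an href is a URL context and not only an HTML attribute.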

