[VIM] QuizShock v1.5.5 XSS Vulnerability
George A. Theall
theall at tenablesecurity.com
Sun Jan 3 03:01:31 UTC 2010
Exploit DB 10854 / Bugtraq 37552 looks like the same issue reported in
April 2007 by John Martinelli and covered by CVE-2007-1905 / Bugtraq
23368 / OSVDB 34777 -- both involve the 'forward_to' parameter of the
'auth.php' script in QuizShock, although indoushka's recent advisory
covers an earlier version (1.5.5) compared with Martinelli (1.6.1).
George
--
theall at tenablesecurity.com