|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-disclosure] Re: Re: ExplorerXP : Directory Traversal and CrossSiteScripting
From: Julien GROSJEAN - Proxiad (j.grosjean
proxiad.com)
Date: Wed Apr 05 2006 - 03:17:29 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
You're right...
Now, the "simple" search returns that :
http://packetstorm.linuxsecurity.com/0603-exploits/explorerXP.txt
;-)
Dave Korn a écrit :
> Julien GROSJEAN - Proxiad wrote:
>> A simple Google search returns that :
>>
>> http://www.phpscripts-fr.net/scripts/script.php?id=933
>
> That depends on what you mean by "simple". I just put "ExplorerXP" into
> google, which I think is about as simple as you can get. That website
> doesn't show up until the seventh page of results. (And strangely enough it
> doesn't show up until the /eighth/ page of results at google.fr!)
>
> So unless you had prior knowledge that it was french (I suppose I could
> perhaps have guessed that from seeing the word 'chemin', but you can't
> assume it's french just because the people reporting the vuln are from
> france), or unless you somehow already knew that the correct spelling had
> "Explorer" and "XP" as two separate words, I think the point remains: *all*
> vuln announcements should say what the software is, where it comes from and
> who makes it.
>
> After all, for all you know there is /yet another/ php package out there
> called ExplorerXp, and it's /that/ one they were talking about.
>
> cheers,
> DaveK
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]