Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [Full-disclosure] Re: Re: ExplorerXP : Directory Traversal and CrossSiteScripting
From: Julien GROSJEAN - Proxiad (j.grosjeanproxiad.com)
Date: Wed Apr 05 2006 - 03:17:29 CDT
Now, the "simple" search returns that :
Dave Korn a écrit :
> Julien GROSJEAN - Proxiad wrote:
>> A simple Google search returns that :
> That depends on what you mean by "simple". I just put "ExplorerXP" into
> google, which I think is about as simple as you can get. That website
> doesn't show up until the seventh page of results. (And strangely enough it
> doesn't show up until the /eighth/ page of results at google.fr!)
> So unless you had prior knowledge that it was french (I suppose I could
> perhaps have guessed that from seeing the word 'chemin', but you can't
> assume it's french just because the people reporting the vuln are from
> france), or unless you somehow already knew that the correct spelling had
> "Explorer" and "XP" as two separate words, I think the point remains: *all*
> vuln announcements should say what the software is, where it comes from and
> who makes it.
> After all, for all you know there is /yet another/ php package out there
> called ExplorerXp, and it's /that/ one they were talking about.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/