Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: Re: ExplorerXP : Directory Traversal and CrossSiteScripting
From: Julien GROSJEAN - Proxiad <j.grosjean () proxiad com>
Date: Wed, 05 Apr 2006 10:17:29 +0200

You're right...
Now, the "simple" search returns that :

http://packetstorm.linuxsecurity.com/0603-exploits/explorerXP.txt

;-)

Dave Korn a écrit :
Julien GROSJEAN - Proxiad wrote:
A simple Google search returns that :

http://www.phpscripts-fr.net/scripts/script.php?id=933

That depends on what you mean by "simple". I just put "ExplorerXP" into google, which I think is about as simple as you can get. That website doesn't show up until the seventh page of results. (And strangely enough it doesn't show up until the /eighth/ page of results at google.fr!)

So unless you had prior knowledge that it was french (I suppose I could perhaps have guessed that from seeing the word 'chemin', but you can't assume it's french just because the people reporting the vuln are from france), or unless you somehow already knew that the correct spelling had "Explorer" and "XP" as two separate words, I think the point remains: *all* vuln announcements should say what the software is, where it comes from and who makes it.

After all, for all you know there is /yet another/ php package out there called ExplorerXp, and it's /that/ one they were talking about.

    cheers,
      DaveK

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • Re: Re: Re: ExplorerXP : Directory Traversal and CrossSiteScripting Julien GROSJEAN - Proxiad (Apr 05)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault