Canuckster
02-18-2011, 01:18 AM
Hi. My search for a decent JavaScript slideshow brought me here (to http://www.dynamicdrive.com/dynamicindex14/fadeinslideshow.htm). In the course of due diligence, I thought I'd see if I could dig up any security risks that might be associated with that script, and I came across this page:
http://securityreason.com/exploitalert/6935
I'm not sure what to make of it, because while the exploit's description doesn't seem to make much sense (user_register and uadd? what do they have to do with a slideshow anyway? if there's no user-supplied content then what could go wrong?), the site appears legitimate and they do name both this site and the slideshow specifically.
Does anyone have any comment on this? If the vulnerability has been fixed (it's for an older version than current) I'd like to know ... plus I wouldn't mind a better understanding of what the supposed exploit is.
Thanks for any feedback.