suspicious script on vim.org


Jeroen Budts

Oct 9, 2012, 5:05:27 AM
to vim...@googlegroups.com

This looks like another new suspicious script:
http://www.vim.org/scripts/script.php?script_id=4259

It seems like a test to see if vim.org is vulnerable to XSS with
uploaded scripts (or something like that).

Jeroen

Marc Weber

Oct 9, 2012, 5:21:02 AM
to vim_use
Excerpts from Jeroen Budts's message of Tue Oct 09 11:05:27 +0200 2012:
> This looks like another new suspicious script:
> http://www.vim.org/scripts/script.php?script_id=4259
Thanks for reporting. Vim treats files as binary content.
AFAIK there is no page displaying contents of the binary files.

The only thing I really fear would be people starting to write malicious
.vim code and embed that into a useful script.

Anyway, that content doesn't make sense, because you can find out much
faster whether there is a chance of making browsers run such code: get
existing content and use Google to see whether it finds it. If it finds
the content, you have a chance to inject JS.

So why did this guy/girl go through the trouble of registering?

Marc Weber
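Marc's point is that vim.org serves uploaded scripts as opaque binary content and no page displays them, which is what keeps a stored upload from ever reaching a browser as markup. The following is an added example, not code from this thread or from vim.org, that checks a download endpoint's response headers for exactly that property: a forced download (`Content-Disposition: attachment`), a non-renderable `Content-Type`, and `X-Content-Type-Options: nosniff`. The header dictionaries and sample body are constructed, and the sniffing check is a simplified stand-in for real browser MIME sniffing.

```python
"""Check whether a response that serves an uploaded file would be rendered
inline by a browser (the precondition for stored XSS through uploads) or
treated as an opaque download. Added example; the header dicts and body at
the bottom are constructed samples, not captured from vim.org."""
from typing import Dict, List, Mapping

# Content types a browser will interpret as markup with script capability
# when it shows them inline.
RENDERABLE_TYPES = {
    "text/html", "application/xhtml+xml", "image/svg+xml",
    "text/xml", "application/xml",
}

# Simplified stand-in for browser MIME sniffing: only consulted when the
# server sends no Content-Type at all and does not send nosniff.
MARKUP_PREFIXES = (b"<!doctype html", b"<html", b"<script", b"<svg", b"<?xml")


def _normalize(headers: Mapping[str, str]) -> Dict[str, str]:
    """Lower-case header names and keep only the first token of each value
    (dropping charset / filename parameters) so comparisons are uniform."""
    return {k.lower(): v.split(";")[0].strip().lower() for k, v in headers.items()}


def looks_like_markup(body: bytes) -> bool:
    """Crude check on the leading bytes: would a sniffing browser treat this
    as HTML/SVG/XML?"""
    return body[:512].lstrip().lower().startswith(MARKUP_PREFIXES)


def renders_inline(headers: Mapping[str, str], body: bytes) -> bool:
    """True if a browser could display the body as active content."""
    h = _normalize(headers)
    if h.get("content-disposition") == "attachment":
        return False  # forced download: the content is never rendered in a page
    ctype = h.get("content-type", "")
    if ctype in RENDERABLE_TYPES:
        return True
    nosniff = h.get("x-content-type-options") == "nosniff"
    if not ctype and not nosniff:
        return looks_like_markup(body)  # missing type may be sniffed from the body
    return False


def audit_download_response(headers: Mapping[str, str], body: bytes) -> List[str]:
    """Return the hardening gaps a reviewer of an upload/download endpoint
    would flag. An empty list means the file is served as an opaque download."""
    h = _normalize(headers)
    findings: List[str] = []
    if h.get("content-disposition") != "attachment":
        findings.append("missing 'Content-Disposition: attachment'")
    ctype = h.get("content-type", "")
    if ctype in RENDERABLE_TYPES:
        findings.append(f"renderable Content-Type '{ctype}' on user-supplied file")
    elif not ctype:
        findings.append("no Content-Type; browser may sniff the body")
    if h.get("x-content-type-options") != "nosniff":
        findings.append("missing 'X-Content-Type-Options: nosniff'")
    return findings


# Constructed samples (not real vim.org responses).
HARDENED = {
    "Content-Type": "application/octet-stream",
    "Content-Disposition": 'attachment; filename="plugin.vim"',
    "X-Content-Type-Options": "nosniff",
}
RENDERED_AS_HTML = {"Content-Type": "text/html; charset=utf-8"}
UNTYPED: Dict[str, str] = {}  # server sends no Content-Type at all
SAMPLE_BODY = b"<html><body>uploaded file content</body></html>"

if __name__ == "__main__":
    for name, hdrs in (("hardened", HARDENED), ("html", RENDERED_AS_HTML), ("untyped", UNTYPED)):
        print(name, renders_inline(hdrs, SAMPLE_BODY), audit_download_response(hdrs, SAMPLE_BODY))
```

The audit deliberately reports all three headers independently: `attachment` alone already prevents inline rendering, but a non-renderable type plus `nosniff` is the defence in depth that still holds if a later code path serves the same file without the disposition header.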

Bram Moolenaar

Oct 9, 2012, 7:10:17 AM
to Jeroen Budts, vim...@googlegroups.com

Jeroen Budts wrote:

> This looks like another new suspicious script:
> http://www.vim.org/scripts/script.php?script_id=4259
>
> It seems like a test to see if vim.org is vulnerable to XSS with
> uploaded scripts (or something like that)

Thanks for reporting this. I have deleted the script, the download and
the user. Let me know if similar things happen.

--
An SQL statement walks into a bar. He approaches two tables
and says, "Mind if I join you?"

/// Bram Moolenaar -- Br...@Moolenaar.net -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///