Bugtraq mailing list archives

Re: Re: New Include Redirect Bug XSS All vBulletin v 3.x.x

From: scott-REMOTE- () vbulletin com
Date: 22 Jun 2007 11:32:23 -0000

This isn't a directory traversal, the code is simply output on to the page as <frame src="..."> (sanitised of course), 
so they can only access what is available in the physical domain.

Scott MacVicar
Development Team, vBulletin

Current thread:

New Include Redirect Bug XSS All vBulletin v 3.x.x stormhacker (Jun 20)
- <Possible follow-ups>
- Re: New Include Redirect Bug XSS All vBulletin v 3.x.x scott-REMOVE- (Jun 21)
  - Re: New Include Redirect Bug XSS All vBulletin v 3.x.x kaneda (Jun 21)
- Re: Re: New Include Redirect Bug XSS All vBulletin v 3.x.x scott-REMOTE- (Jun 22)