Bugtraq mailing list archives
Re: Re: New Include Redirect Bug XSS All vBulletin v 3.x.x
From: scott-REMOTE- () vbulletin com
Date: 22 Jun 2007 11:32:23 -0000
This isn't a directory traversal, the code is simply output on to the page as <frame src="..."> (sanitised of course), so they can only access what is available in the physical domain. Scott MacVicar Development Team, vBulletin
Current thread:
- New Include Redirect Bug XSS All vBulletin v 3.x.x stormhacker (Jun 20)
- <Possible follow-ups>
- Re: New Include Redirect Bug XSS All vBulletin v 3.x.x scott-REMOVE- (Jun 21)
- Re: New Include Redirect Bug XSS All vBulletin v 3.x.x kaneda (Jun 21)
- Re: Re: New Include Redirect Bug XSS All vBulletin v 3.x.x scott-REMOTE- (Jun 22)