lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 22 Jun 2007 11:32:23 -0000 From: scott-REMOTE-@...lletin.com To: bugtraq@...urityfocus.com Subject: Re: Re: New Include Redirect Bug XSS All vBulletin v 3.x.x This isn't a directory traversal, the code is simply output on to the page as <frame src="..."> (sanitised of course), so they can only access what is available in the physical domain. Scott MacVicar Development Team, vBulletin