Date: 20 Apr 2010 07:32:00 -0000
From: edgard.chammas@...ond-security.org
To: bugtraq@...urityfocus.com
Subject: Vbulletin - Two-Step External Link XSS

###############################################
# Vendor: vBulletin
# Affected versions: 3.7.x - 3.8.x
# Mod: Two-Step External Link
# URL: http://www.vbulletin.org/forum/showthread.php?t=217708
# Vulnerability type: XSS
# Risk rating: Medium
###############################################
# [Exploit]
# http://[FORUM]/externalredirect.php?url=XSS
###############################################
# [Bug]
# File: externalredirect.php (line 35)
# Code: $url = $vbulletin->GPC['url'];
###############################################
# [Solution]
# $url = htmlentities($vbulletin->GPC['url']);
###############################################
# [Credits]
# Edgard Chammas [454447415244]
# edgard.chammas@...ond-security.org
###############################################
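
Added example (not part of the original advisory and not the mod's code): a stricter handling of the `url` parameter than the one-line fix above, since `htmlentities()` with its pre-PHP 8.1 default flags leaves single quotes unencoded and no encoding restricts the URL scheme. It assumes PHP 7.1+ and that the mod writes the value into the page text and an `href` attribute; `safe_redirect_url()` and the sample inputs are hypothetical.

```php
<?php
/**
 * Return the URL encoded for HTML output, or null when it must not be
 * rendered as a link at all. Hypothetical helper for illustration.
 */
function safe_redirect_url(string $raw): ?string
{
    $raw = trim($raw);

    // Control characters can be dropped by browsers before the scheme is
    // parsed, so refuse them outright instead of trying to clean them.
    if (preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;
    }

    // Require an absolute http(s) URL with a host; everything else is refused.
    $parts = parse_url($raw);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }

    // ENT_QUOTES encodes both quote styles, so the value stays inside the
    // attribute whether the template uses "..." or '...'.
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: a plain link, one carrying HTML
// metacharacters, a non-http scheme, and a relative value.
$samples = [
    'http://example.com/page?id=1',
    'http://example.com/?q="><b>\'x',
    'javascript:void(0)',
    '/local/path',
];

foreach ($samples as $s) {
    $out = safe_redirect_url($s);
    printf("%-40s => %s\n", $s, $out === null ? '[rejected]' : $out);
}
```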
