lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: 20 Apr 2010 07:32:00 -0000
From: edgard.chammas@...ond-security.org
To: bugtraq@...urityfocus.com
Subject: Vbulletin - Two-Step External Link XSS

###############################################
# Vendor: vBulletin
# Affected versions: 3.7.x - 3.8.x
# Mod: Two-Step External Link
# URL: http://www.vbulletin.org/forum/showthread.php?t=217708
# Vulnerability type: XSS
# Risk rating: Medium
###############################################
# [Exploit]
# http://[FORUM]/externalredirect.php?url=XSS
###############################################
# [Bug]
# File: externalredirect.php (line 35)
# Code: $url = $vbulletin->GPC['url'];
###############################################
# [Solution]
# $url = htmlentities($vbulletin->GPC['url']);
###############################################
# [Credits]
# Edgard Chammas [454447415244]
# edgard.chammas@...ond-security.org
###############################################

Powered by blists - more mailing lists