RE: vBulletin XSS Security Bug

From: Alex Yu (yuaat_private)
Date: Mon Oct 21 2002 - 10:42:21 PDT


    > .:: vBulletin XSS Security Bug
    >
    > + Solution:
    > 
    >     - Forum administrator can add some codes that will check the
    > referred URL and filter its inputs or upgrade to vBulletin 3.0.
    
    Incorrect information.  vBulletin 3.0 is still in beta and is not
    available for download.  The vBulletin team has posted a fix and will
    include this patch in the upcoming 2.2.9 release.
    
    To download the bug fix, please go to this URL:
    
    http://www.vbulletin.com/forum/showthread.php?threadid=57203
    
    As far as I know, vBulletin was not informed about this security bug
    before the exploit went public.
    
    BTW, I do not work for vBulletin.
    
    Best,
    Alex
    



    This archive was generated by hypermail 2b30 : Mon Oct 21 2002 - 15:10:06 PDT