[23161] in bugtraq
Re: UBB vulnerablietis + about: using example
daemon@ATHENA.MIT.EDU (David Dreezer)
Thu Nov 15 20:54:06 2001
Date: 15 Nov 2001 22:40:45 -0000
Message-ID: <20011115224045.28527.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: David Dreezer <bugtraq@infopop.com>
To: bugtraq@securityfocus.com
Mailer: SecurityFocus
In-Reply-To: <15722392656.20011116021050@hostel.tusur.ru>
This has been filtered in our product since version
5.47e, released February 21, 2001
line 767 ubb_library.cgi
if ($ThePost =~ /\ONERROR\s*=/i) {
&StandardHTML("Illegal HTML tag,
ONERROR");
exit;
line 709 of the latest version.
Perhaps had you followed the accepted procedures
and notified us, the vendor, ahead of time we could
have pointed this out to you.
Actions such as this reduce the value of bugtraq.
