[27549] in bugtraq

RE: vBulletin XSS Security Bug

daemon@ATHENA.MIT.EDU (Alex Yu)
Mon Oct 21 22:30:14 2002

From: "Alex Yu" <yua@yudesigns.com>
To: "'Sp.IC'" <SpeedICNet@Hotmail.Com>, <bugtraq@securityfocus.com>
Date: Mon, 21 Oct 2002 13:42:21 -0400
Message-ID: <000b01c27929$36959d30$7f3c7180@monkey>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <20021018120855.4117.qmail@mail.securityfocus.com>

> .:: vBulletin XSS Security Bug
>
> + Solution:
> 
>     - Forum administrator can add some codes that will check the referred
> URL and filter its inputs or upgrade to vBulletin 3.0.

Incorrect information.  vBulletin 3.0 is still in beta and is not
available for download.  The vBulletin team has posted a fix and will
include this patch in the upcoming 2.2.9 release.

To download the bug fix, please go to this URL:

http://www.vbulletin.com/forum/showthread.php?threadid=57203

As far as I know, vBulletin was not informed about this security bug
before the exploit went public.

BTW, I do not work for vBulletin.

Best,
Alex

