Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Re: New Include Redirect Bug XSS All vBulletin(r) v 3.x.x

from [scott-REMOVE-] Network Security [Permanent Link]
Subject: Re: Re: New Include Redirect Bug XSS All vBulletin(r) v 3.x.x
Date: 22 Jun 2007 10:30:09 -0000 
I fully understand the significance of XSS and the numerous different ways to 
get it on the server but this focuses directly on the ability to place a web 
viewable document on the same domain which vBulletin doesn't provide itself.

What the author of this exploit has described is a way to influence a user to 
visit a link to a crafted page already present on the domain, it isn't 
traversing out of the directory, its only changing the value of a src or an 
href parameter.

Short of removing the ability for users to provide links there isn't a way to 
fix this, and even if we did they could just put the link on anyway and have 
someone copy and paste.

In my eyes it isn't even an exploit at all, if you can create unsanitised 
content that is web viewable then there is a more significant problem that 
needs resolved and it out of our scope to fix.

Scott MacVicar
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ MDKSA-2007:134 ] - Updated xfsdump packages fix unsafe temporary directory creation issue, security
Next by Date:  All Of the Mambo & Joomla Script Remote File Inclussion Bugs.., spymeta
Previous by Thread:  Re: New Include Redirect Bug XSS All vBulletin(r) v 3.x.x, Steven M. Christey
Next by Thread:  [Full-disclosure] [USN-475-1] evolution-data-server vulnerability, Kees Cook
Indexes:  [Date] [Thread] [Top] [All Lists]