Re: New Include Redirect Bug XSS All vBulletin v 3.x.x

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: New Include Redirect Bug XSS All vBulletin v 3.x.x
From: scott-REMOVE-@xxxxxxxxxxxxx
Date: 21 Jun 2007 15:09:46 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

There is a much more significant issue than executing an XSS if you can upload 
a file to a remote site...

If this is how you plan to execute the XSS then there is nothing to fix or even 
do here on our part.

Scott MacVicar
Development Team, vBulletin

Follow-Ups:
- Re: New Include Redirect Bug XSS All vBulletin v 3.x.x
  - From: kaneda

Prev by Date: [SECURITY] [DSA 1316-1] New emacs21 packages fix denial of service
Next by Date: Re: New post Topic Hijacking XSS All vBulletin v 3.x.x (2)
Previous by thread: New Include Redirect Bug XSS All vBulletin v 3.x.x
Next by thread: Re: New Include Redirect Bug XSS All vBulletin v 3.x.x
Index(es):
- Date
- Thread