
View Full Version : *\ thread Exploit /*


Stangsta
04-16-2006, 08:55 PM
The subject line throws off the CSS, just letting everyone know in case you are wondering wtf happened in your forums if you see this.

Roms
04-16-2006, 08:59 PM
^ Did you find out the hard way? ;)

Stangsta
04-16-2006, 09:01 PM
^ Did you find out the hard way? ;)

No, I saw it on another board and decided to test it on mine.

Borgs8472
04-16-2006, 09:05 PM
could you explain this problem in more detail?

Stangsta
04-16-2006, 09:23 PM
could you explain this problem in more detail?

It works on some forums and others it does not. Using */ or \* in the title will strip the CSS from that specific thread. It's a thread break.

akanevsky
04-16-2006, 10:38 PM
Does not seem to break anything for me..

Roms
04-17-2006, 12:00 AM
Didn't seem to work on mine either... Maybe it depends on the variables you use in your CSS....

Stangsta
04-17-2006, 12:43 AM
Didn't seem to work on mine either... Maybe it depends on the variables you use in your CSS....

Very well could be, I've seen it happen on a couple of different sites. May also be vb version related.

akanevsky
07-23-2006, 12:16 PM
I understand the thread is outdated and the problem has been fixed, but can anyone explain how this can be used in practice?

sabret00the
07-23-2006, 12:49 PM
you can basically set the whole page to be blank and insert a banner I believe.

Dean C
07-23-2006, 12:51 PM
How can this possibly even work too. The CSS is within a stylesheet or within a <style> block. Unless the thread title is placed inside the CSS somewhere...

Guest190829
07-23-2006, 01:01 PM
How can this possibly even work too. The CSS is within a stylesheet or within a <style> block. Unless the thread title is placed inside the CSS somewhere...

I was asking myself the same thing...

AN-net
07-23-2006, 01:30 PM
Probably the site attacked was not closing container tags and did not close the <style> tag. It probably wasn't an exploit, just bad coding on the website's end. Just another reason to follow standards and to validate your pages.

sabret00the
07-24-2006, 06:33 PM
either way, wouldn't it require
*/ $thread['title'] /*

Kirk Y
07-24-2006, 10:40 PM
Is this a 3.6 only exploit, because my 3.5.x board works fine through the "break".

Princeton
07-25-2006, 04:41 PM
Kirk,
no, this is not an exploit in vbulletin

I agree with the above comments ... it's just bad coding on the website's end (not default style)

Kirk Y
07-25-2006, 07:51 PM
Okay, that figures. Thanks Princeton.
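
As an added illustration (not code from this thread or from vBulletin): a small Python check for the two conditions the posters suggest, a template variable such as `$thread[title]` rendered inside a `<style>` block or CSS comment, and a `<style>` tag that is never closed. The variable-syntax pattern, the function name and the sample templates are constructed assumptions.

```python
import re

# Assumed template-variable syntax: $name, $name[key] or $name['key'].
VAR = re.compile(r"\$[A-Za-z_]\w*(?:\[[^\]]*\])?")
STYLE_OPEN = re.compile(r"<style\b[^>]*>", re.I)
STYLE_CLOSE = re.compile(r"</style\s*>", re.I)

def audit_template(template):
    """Return (issue, detail) findings for one template string."""
    findings = []
    pos = 0
    while True:
        opened = STYLE_OPEN.search(template, pos)
        if opened is None:
            break
        closed = STYLE_CLOSE.search(template, opened.end())
        if closed is None:
            # Everything after an unclosed <style> is parsed as CSS.
            findings.append(("unclosed-style", opened.group(0)))
            body = template[opened.end():]
        else:
            body = template[opened.end():closed.start()]
        for var in VAR.finditer(body):
            # Inside a comment if the nearest preceding delimiter is "/*".
            last_open = body.rfind("/*", 0, var.start())
            last_close = body.rfind("*/", 0, var.start())
            issue = "var-in-css-comment" if last_open > last_close else "var-in-css"
            findings.append((issue, var.group(0)))
        if closed is None:
            break
        pos = closed.end()
    return findings

# Constructed sample templates (not taken from any real style).
SAMPLES = {
    "default_like": '<style type="text/css">body { color: #000; }</style>'
                    "<h1>$thread[title]</h1>",
    "title_in_comment": "<style>/* styles for $thread[title] */ "
                        "td { color: red; }</style>",
    "unclosed_style": "<style>td { color: red; }<h1>$thread[title]</h1>",
}

if __name__ == "__main__":
    for name, tpl in SAMPLES.items():
        print(name, audit_template(tpl))
```

A template that reports no findings keeps user-supplied titles out of CSS entirely, so comment delimiters in a title are rendered as ordinary text.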