The idea is very simple yet very effective.

If there was a kind of filter that does:

1- prevent the direct request of files that should never be requested like "config.php"
2- Filter all "url request" from commen words and characters used for sql injections.
3- Filter the "POST Method" from words that usually used in xxs vulnerability.

If we can have such system, "I think" we can prevent 99.9% of known and unknown vulnerabilities.

Thanks

Hmmmm... not a bad idea.

One would have to define which words are "commonly used for vulnerabilities" though.

I suggest you post at vbulletin.com, maybe the developers can give some feedback about how easy this would be to implement, as well as how useful it would be.