The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Reported 4.0.2 PL1 XSS Vunerability
Regarding this reported exploit: http://inj3ct0r.com/exploits/9697
An official patch is forthcoming. Meanwhile I have attached a patched type.php file to this message. Unzip that file and upload it, replacing the existing ../vb/search/type.php file Note: This is for those running 4.0.2 PL1 only. If for some reason you want to apply this patch yourself, find the following file: ../vb/search/type.php In that type.php file, find this near the bottom of the file: 'query' => TYPE_STR, Replace that with this: 'query' => TYPE_NOHTML, Please note that if you have already applied Paul M's path here, then you do not have to apply this patch. Attached Files
More... |
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|