If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)

Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

vbulletin exploit

pilson · 2006-03-08 17:25:01

there is an exploit for vbulletin 3.5.3 (version currently run on boards.ie) input to the Email address field in the "edit email and password" is not properly cleaned before storage so users can run html/script code. the feature to allow members email each other needs to be enabled. Just a heads-up for anyone running this…

Options

08-03-2006 6:25pm

#1

pilson

Closed Accounts Posts: 94 ✭✭

Join Date: August 2005

Posts: 86

there is an exploit for vbulletin 3.5.3 (version currently run on boards.ie)

input to the Email address field in the "edit email and password" is not properly cleaned before storage so users can run html/script code. the feature to allow members email each other needs to be enabled.

Just a heads-up for anyone running this version. There is a patch available from the developers...

more here:
http://secunia.com/advisories/19100/

0