New Spoiler

Discussion in 'Denied Suggestions' started by Matt, Jan 11, 2015.

Thread Status:
Not open for further replies.
Sign in to Post
Thread Tools

Thread Tools

  • Thread ID:
Page 2 of 2
New Spoiler
  1. Unread #21 - Jan 12, 2015 at 7:02 PM
  2. Govind
    Joined:
    Apr 22, 2005
    Posts:
    7,825
    Referrals:
    13
    Sythe Gold:
    23
    Prove it! Trole Tier 1 Prizebox Tortoise Penis Le Monkey UWotM8? Wait, do you not have an Archer rank? Potamus

    Govind The One Musketeer
    Mudkips Highly Respected Retired Administrator

    New Spoiler
    Here's the problem:

    In phpBB, it is possible to enforce constraints on BBCode parameters; namely, {URL} is used in the image path for the spoiler, which requires that a valid URL is passed in that parameter.

    In vBulletin, there is no such checking, so this particular BBCode would be open to exploitation and arbitrary Javascript code execution through the URL parameter.

    Not happening, sorry.
     
    Share
Page 2 of 2
< Subsection for Hearthstone | Notifications if someone replies or responds to posts/thread >

Users viewing this thread
1 guest
Thread Status:
Not open for further replies.


 
 
Adblock breaks this site