Adblock breaks this site

New Spoiler

Discussion in 'Denied Suggestions' started by Matt, Jan 11, 2015.

Thread Status:
Not open for further replies.
Thread Tools

Thread Tools

  • Thread ID:
Page 2 of 2
  1. Govind

    Govind The One Musketeer
    Mudkips Highly Respected Retired Administrator

    Joined:
    Apr 22, 2005
    Posts:
    7,825
    Referrals:
    13
    Sythe Gold:
    23
    Prove it! Trole Tier 1 Prizebox Tortoise Penis Le Monkey UWotM8? Wait, do you not have an Archer rank? Potamus
    New Spoiler
    Here's the problem:

    In phpBB, it is possible to enforce constraints on BBCode parameters; namely, {URL} is used in the image path for the spoiler, which requires that a valid URL is passed in that parameter.

    In vBulletin, there is no such checking, so this particular BBCode would be open to exploitation and arbitrary Javascript code execution through the URL parameter.

    Not happening, sorry.
     
    Govind, Jan 12, 2015
    #21
Page 2 of 2
< Subsection for Hearthstone | Notifications if someone replies or responds to posts/thread >
Thread Status:
Not open for further replies.


 
 
Adblock breaks this site