Subject: Re: Re: New Include Redirect Bug XSS All vBulletin v 3.x.x
Posted from: NCTU CSIE FreeBSD Server (Sat Jun 23 09:51:35 2007)
Relay path: ptt!FreeBSD.csie.NCTU!not-for-mail
This isn't a directory traversal; the code is simply output onto the page as <frame src="..."> (sanitised, of course), so they can only access what is available in the physical domain.
Scott MacVicar
Development Team, vBulletin