Re: memberlist.php of vBulletin
From: John Percival (johnnews@jelsoft.com) Date: 03/25/02
From: "John Percival" <johnnews@jelsoft.com>
To: <bugtraq@securityfocus.com>
Date: Mon, 25 Mar 2002 14:07:24 -0000
> Vendor status: notified 3/18/2; no response
Correction:
Our response was emailed 14 minutes after receiving initial notification:
-------
Thank you for reporting this, I have flagged this for discussion among the
developers.
Please let me know if you require any further assistance.
All the best,
Chris Schreiber
Support Team, vBulletin
http://www.vbulletin.com/
mailto:support@vbulletin.com
-------
It was very kind of Plato to be responsible and let the community know what
is happening, but in the interests of the community we would have been a lot
better off letting us provide a fix first. I am quite disappointed in
Plato's actions here, and the only reason that I have not replied sooner is
that I felt that I would be more reasonable if I waited and cooled off a
little ;-)
As of Saturday, we have finished an initial round of audits for these XSS
issues and we are beginning more thorough checks. I would estimate a fix
will be available some time Monday or Tuesday.
> I believe the simplest fix would be to initialize letterbits
> ($letterbits = "";) at the top of memberlist.php.
Yes that is correct.
Add $letterbits = ''; right after the initial <?php
Unfortunately a similar bug affects several other files too. We are trying
to identify any remaining problems as quickly as possible.
Regards,
John Percival
Product Manager, vBulletin
Jelsoft Enterprises Ltd.
http://www.vbulletin.com/
mailto:john@vbulletin.com
"vBulletin: Community Instantly"
Online support: mailto:support@vbulletin.com
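
The message says the same bug affects several other files. As an added example (not part of the original message and not vBulletin code), here is a heuristic audit that flags PHP variables appended to with `.=` before any plain assignment in the same file. It assumes the bug class is an uninitialized string accumulator that a request parameter can pre-seed when PHP's register_globals is enabled, a mechanism the message itself does not spell out; the sample PHP is constructed for the test.

```python
import re

# $name .= ...   (append to a possibly uninitialized variable)
APPEND = re.compile(r'\$([A-Za-z_]\w*)\s*\.=')
# $name = ...    (plain assignment; excludes ==, === and =>)
ASSIGN = re.compile(r'\$([A-Za-z_]\w*)\s*=(?![=>])')

def find_uninitialized_appends(php_source):
    """Return [(line_no, var)] for each variable whose first use in the file
    is a '.=' append with no earlier plain assignment.
    Heuristic only: ignores function scope, included files and comments."""
    assigned, reported, findings = set(), set(), []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        events = [(m.start(), "append", m.group(1)) for m in APPEND.finditer(line)]
        events += [(m.start(), "assign", m.group(1)) for m in ASSIGN.finditer(line)]
        for _, kind, var in sorted(events):  # left-to-right within the line
            if kind == "assign":
                assigned.add(var)
            elif var not in assigned and var not in reported:
                reported.add(var)
                findings.append((line_no, var))
    return findings

# Constructed sample in the shape of the reported problem (hypothetical code).
VULNERABLE = r'''<?php
require("./global.php");
$letters = array("A", "B", "C");
foreach ($letters as $letter) {
    $letterbits .= "<a href=\"memberlist.php?ltr=$letter\">$letter</a> ";
}
echo $letterbits;
'''

# Same file with the fix from the message: initialize right after <?php.
FIXED = VULNERABLE.replace("<?php\n", "<?php\n$letterbits = '';\n", 1)

if __name__ == "__main__":
    for name, src in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        print(name, find_uninitialized_appends(src))
```

Each finding still needs manual review, since a variable may be initialized in an included file or inside a different scope.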