Re: New Include Redirect Bug XSS All vBulletin(r) v 3.x.x

["Steven M. Christey" <coley () mitre org>]

Scott MacVicar said:

> There is a much more significant issue than executing an XSS if you
> can upload a file to a remote site...

XSS could be put into an image that's allowed to be uploaded, then
directory traversal could be used to reference that image.  The image
data could be very small and made to look like it's conformant.

XSS could be put into log files (such as the web server log files)
simply by including it in an arbitrary request, then directory
traversal can be used to reference that log file.

Both of these techniques are commonly used in PHP exploits.  There are
probably others.

Then there's the whole possibility of using directory traversal to
reference completely unexpected code, which could prevent important
variables from being set, but people haven't researched that technique
very much.

In short - you don't need to create a file, you merely need to
influence its contents.

- Steve