Vulnerability Development mailing list archives

Re: vBulletin Security Vulnerability

From: Kier Darby <kier () vbulletin com>
Date: 21 Jan 2004 20:35:36 -0000

In-Reply-To: <20040120190824.GA4674 () natalya rebby com>

No patch has been issued for this 'vulnerability' because no vulnerability exists.

There is no hidden field called "reg_site", nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 
source code or templates, nor has it ever existed.

We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft.

Current thread:

vBulletin Security Vulnerability gcf (Jan 20)
- Re: vBulletin Security Vulnerability Curt Rebelein Junior (Jan 21)
- Re: vBulletin Security Vulnerability Curt Rebelein Junior (Jan 21)
- RE: vBulletin Security Vulnerability Ferruh Mavituna (Jan 21)
- <Possible follow-ups>
- Re: vBulletin Security Vulnerability Kier Darby (Jan 22)
  - RE: vBulletin Security Vulnerability Ferruh Mavituna (Jan 23)
- RE: vBulletin Security Vulnerability Scott MacVicar (Jan 23)
  - RE: vBulletin Security Vulnerability - POC Ferruh Mavituna (Jan 26)