Any exploits through eval?


    There have been discussions about eval saying how bad it is. What I want to know is: was there ever an exploit on vBulletin through eval?

  • #2
    There was, back in the version 2 days, thanks to the joys of register_globals: if we forgot to initialise a variable and it was directly injected into the eval call, then it was possible.

    We don't do this in any of the vB3 code that I can think of off the top of my head. Every eval call is performed on the results from the template fetcher.
    Scott MacVicar

    My Blog | Twitter
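
A source audit for the pattern described in #2, as an added example that is not part of the thread and not vBulletin code: it flags any variable that reaches `eval()` without an unconditional assignment earlier in the file. The PHP samples are constructed, and `fetch_template()` is an assumed name standing in for the template fetcher.

```python
import re

# PHP single-quoted strings never interpolate, so variables inside them are inert text.
SINGLE_QUOTED = re.compile(r"'(?:\\.|[^'\\])*'")
VARIABLE = re.compile(r"(?<!\\)\$([A-Za-z_]\w*)")
# Plain "$name =" only: not "==", "=>" or ".=" (appending does not initialise).
ASSIGNMENT = re.compile(r"(?<!\\)\$([A-Za-z_]\w*)\s*=(?![=>])")
EVAL_CALL = re.compile(r"\beval\s*\((.*)\)\s*;")


def audit_eval(php_source):
    """Return (line_no, variable) pairs for variables that reach eval() without
    an unconditional assignment (brace depth 0) on an earlier line."""
    initialised, findings, depth = set(), [], 0
    for line_no, raw in enumerate(php_source.splitlines(), start=1):
        code = SINGLE_QUOTED.sub("''", raw)
        call = EVAL_CALL.search(code)
        if call:
            findings += [(line_no, name) for name in VARIABLE.findall(call.group(1))
                         if name not in initialised]
        elif depth == 0 and "{" not in code:
            initialised.update(ASSIGNMENT.findall(code))
        depth += code.count("{") - code.count("}")
    return findings


# Constructed PHP samples. fetch_template() is an assumed name for the template fetcher.
CONDITIONAL_INIT = r"""<?php
if ($show_footer) {
    $footer = fetch_template('footer');
}
eval('$out = "' . $footer . '";');
"""

ALWAYS_INIT = r"""<?php
$footer = '';
if ($show_footer) {
    $footer = fetch_template('footer');
}
eval('$out = "' . $footer . '";');
"""

TEMPLATE_ONLY = r"""<?php
eval('$out = "' . fetch_template('footer') . '";');
"""

if __name__ == "__main__":
    for label, src in [("conditional", CONDITIONAL_INIT), ("always", ALWAYS_INIT),
                       ("template only", TEMPLATE_ONLY)]:
        print(label, audit_eval(src))
```

The check is line-based and treats any assignment inside braces as conditional, so it is a triage aid for review rather than a substitute for a real PHP parser.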
