There's been discussions about eval saying how bad it is. What I want to know was there ever an exploit on vBulletin through eval?
Any expliots through eval?
Collapse
X
-
There was back in the version 2 days thanks to the joys of register_globals, if we forgot to initialise a variable and it was directly injected into the eval call then it was possible.
We don't do this in any of the vB3 code that I can think of off the top of my head. Every eval call is performed on the results from template fetcher.
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Comment