info
discussion
exploit
solution
references
VBulletin Index.PHP User Interface Spoofing Weakness
There is no exploit required; however the following example has been supplied:
http://forums.example.com/admincp/index.php?loc=http://www.example.com
Privacy Statement
Copyright 2010, SecurityFocus
