Hello all,
I just wanted to install vBSEO on another forum and wondered if the URL setting "members/[user_name]/" also used on vbseo.com is really safe as stated in the vbseocp.
So I just tested it and my concerns became true.NOTE: Since vBulletin does not allow for duplicate usernames, it is safe not to use the [user_id] variable.
On the Online List I searched for a member with some custom character in the username. The first one was O'NEAL pointing to
So I registered a new user with username "oneal" and now when you want to access O'NEAL's profile, you see oneal's profile.Code:http://www.vbseo.com/members/oneal/
I would not recommend using this feature without User_ID in the URL.


LinkBack URL
About LinkBacks





Reply With Quote

