Hello, in this manual is adviced to add this code into vbseo.php file:

Step 5 :
If you have vbseo installed add this to the top of vbseo.php in your forum root directory.
Code:

if (strpos($_SERVER["QUERY_STRING"],'%00')) die;


This manual is about fixing vulnerabilities, please what does above "if strpos" do? / prevent?

I assume it denying POST OR GET requests where in request (URL?) is the phrasse %00 which is "used to bypass sanity checking filters in web infrastructure by adding URL-encoded null byte characters (i.e. %00, or 0x00 in hex) to the user-supplied data. This injection process can alter the intended logic of the application and allow malicious adversary to get unauthorized access to the system files." (per http://projects.webappsec.org/w/page...te%20Injection)