MyBB Community Forums

Full Version: Disable upload attachments?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I am trying to prevent all possible ways of SQLi and XSS.

If normal users can upload attachments, can they upload a shell and take down a site?
No, the attachment system is secure and is designed so that people can't execute files the may upload.
If you really want to prevent all possible ways of your forum being exploited, simply don't run a forum at all. There will always be risks but disabling everything which might, possibly, slightly, have a chance of being vulnerable is overkill.

If shelling a forum was as easy as uploading an attachment, we wouldn't have developed the attachments system in the first place. Just stay up to date with the latest MyBB release and be sensible with what plugins you install.