2016-04-15, 05:28 PM
Hello MyBB community.
I use the usergroup + additionalgroups system of MyBB for permission management on extra pages of my forum.
At the beginning of these special pages I call a function which checks whether the user is in a specific usergroup.
The user can only visit the page if he is in the usergroup; otherwise an error page is shown.
My question is:
Is my usergroup check secure, or can someone fake that he is a user, change values, cookies or something like that to gain unauthorized access to my page?
This is the usergroup checking part of my function (which is working so far, but as explained I don't know if it is secure):
public static function userisingroup($usergroupname){
    global $mybb;
    $grouparray = array();   // start empty so the variable is always defined
    if (array_key_exists('additionalgroups', $mybb->user)) {
        if ($mybb->user['additionalgroups']) {
            $grouparray = explode(",", $mybb->user['additionalgroups']);
        }
    }
    $grouparray[] = $mybb->user['usergroup'];
    // a banned user is refused regardless of any other membership
    if (in_array(self::$usergroupid['banned'], $grouparray)) {
        return false;
    }
    // unknown group name: refuse instead of comparing against a missing id
    if (!isset(self::$usergroupid[$usergroupname])) {
        return false;
    }
    if (!in_array(self::$usergroupid[$usergroupname], $grouparray)) {
        return false;
    }
    return true;
}
As you can see, I get the usergroup information from the global $mybb variable:
$mybb->user['usergroup']
$mybb->user['additionalgroups']
Is this a secure way?
Could someone change the values of this variable?
On this site I read something about the "MyBB Global Variable Overwrite Vulnerability".
Where do the values of the $mybb variable come from?
I am very thankful for an improvement if needed.
Regards
suiluj
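As an added example (not the original poster's code and not MyBB core code), here is the same kind of check written as a stand-alone MyBB page. The point it illustrates: $mybb->user is not read from anything the visitor sends directly; MyBB's session class fills it on the server, from the login cookie checked against the users table, once global.php has run. The check is therefore only as trustworthy as that server-side code and the page's own logic, so the example normalizes every group ID to an integer, treats a missing or empty additionalgroups field as "no extra groups", refuses banned users first, and compares strictly. The file location, the group IDs in ALLOWED_GIDS and BANNED_GID are assumptions and must be matched to your own board (Admin CP > Users & Groups).

```php
<?php
// Added example: not the original poster's code and not MyBB core code.
// Assumptions: this file sits in the forum root next to global.php; the group
// IDs below match your board (check Admin CP > Users & Groups).
define('IN_MYBB', 1);
require_once './global.php';   // populates $mybb->user from the validated session

const BANNED_GID   = 7;        // assumption: MyBB's default "Banned" group
const ALLOWED_GIDS = [4, 6];   // assumption: Administrators and Moderators

/**
 * Collect every group ID of a user as an integer: the primary 'usergroup'
 * plus the comma-separated 'additionalgroups' string. A missing or empty
 * 'additionalgroups' field yields just the primary group.
 */
function current_user_group_ids(array $user): array
{
    $ids = [(int) ($user['usergroup'] ?? 0)];
    if (!empty($user['additionalgroups'])) {
        foreach (explode(',', (string) $user['additionalgroups']) as $raw) {
            $gid = (int) trim($raw);
            if ($gid > 0) {
                $ids[] = $gid;
            }
        }
    }
    return array_values(array_unique($ids));
}

/**
 * Deny-first membership check: a banned user is refused even if the banned
 * group also appears in $allowed. Strict comparison on integers avoids the
 * loose-typing surprises of in_array() on a mix of strings and ints.
 */
function user_in_allowed_group(array $user, array $allowed, int $banned): bool
{
    $ids = current_user_group_ids($user);
    if (in_array($banned, $ids, true)) {
        return false;
    }
    foreach ($allowed as $gid) {
        if (in_array((int) $gid, $ids, true)) {
            return true;
        }
    }
    return false;
}

if (!user_in_allowed_group($mybb->user, ALLOWED_GIDS, BANNED_GID)) {
    error_no_permission();   // MyBB's standard "no permission" page; does not return
}

// ... the protected page content follows here ...
```

Passing $mybb->user into the function instead of reading the global inside it keeps the logic easy to unit-test with a constructed user array. Keeping MyBB itself up to date is what protects the values in $mybb->user; the page code can only decide what to do with them.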