2018-12-17, 02:01 PM
2018-12-17, 05:32 PM
Can you provide an example query you think can exploit the query?
MyBB's $db class has mostly been the same, in regards to security, for a very long time. For plugins and core MyBB code you should use $db->escape_string() for variables which might contain injection code.
If you're using $db->query(), be sure to clean your code. As far as I know all the default usage of it is sanitized. Otherwise there is a default MySQL Injection vulnerability.
2018-12-17, 08:26 PM
(2018-12-17, 05:32 PM)labrocca Wrote: Can you provide an example query you think can exploit the query?
MyBB's $db class has mostly been the same, in regards to security, for a very long time. For plugins and core MyBB code you should use $db->escape_string() for variables which might contain injection code.
If you're using $db->query(), be sure to clean your code. As far as I know all the default usage of it is sanitized. Otherwise there is a default MySQL Injection vulnerability.
Exactly. When constructing a query using GET or POST parameters, always escape them or cast them. If the values are integer values, you can simply cast them to integers such as $uid = $mybb->get_input('pid', MyBB::INPUT_INT). Otherwise, escape them like $username = $db->escape_string($mybb->get_input('username')).
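The cast-or-escape rule from the two replies above, as an added, runnable example that is not MyBB project code and not taken from either poster. It uses an in-memory SQLite database through PDO so it runs without a MySQL server; the functions input_int() and escape_string() are small stand-ins for the intent of $mybb->get_input(..., MyBB::INPUT_INT) and $db->escape_string(), not MyBB's own implementations, and the users table, its rows and the request array are constructed for the demonstration.

```php
<?php
// Added example (not MyBB code): a raw request value concatenated into SQL text
// beside the same lookup with the value cast to int or quote-escaped.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (uid INTEGER PRIMARY KEY, username TEXT)");
$pdo->exec("INSERT INTO users (uid, username) VALUES (1, 'alice'), (2, 'bob')");

// Stand-in for the MyBB::INPUT_INT path: the value becomes an integer, so it
// needs no quoting and cannot carry SQL metacharacters into the query.
function input_int(array $request, string $key): int {
    return isset($request[$key]) ? (int)$request[$key] : 0;
}

// Stand-in for $db->escape_string(): make the value safe to use as a string
// literal. PDO::quote() also adds the surrounding quotes, so the caller must
// not add its own.
function escape_string(PDO $pdo, string $value): string {
    return $pdo->quote($value);
}

// Vulnerable: the request value is spliced straight into the SQL text, so a
// quote inside it ends the literal and the rest is parsed as SQL.
function find_by_username_unsafe(PDO $pdo, array $request): array {
    $sql = "SELECT uid FROM users WHERE username='" . ($request['username'] ?? '') . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the string is escaped before it reaches the query text.
function find_by_username_safe(PDO $pdo, array $request): array {
    $sql = "SELECT uid FROM users WHERE username=" . escape_string($pdo, $request['username'] ?? '');
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the numeric parameter is cast, so only the leading integer survives.
function find_by_uid_safe(PDO $pdo, array $request): array {
    $uid = input_int($request, 'uid');
    return $pdo->query("SELECT username FROM users WHERE uid=$uid")->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request: a username containing a quote and a non-numeric uid.
$request = ['username' => "x' OR '1'='1", 'uid' => "2 OR 1=1"];

var_dump(find_by_username_unsafe($pdo, $request)); // both uids: the quote ended the literal
var_dump(find_by_username_safe($pdo, $request));   // empty array: the whole value stayed one literal
var_dump(find_by_uid_safe($pdo, $request));        // ['bob'] only: the cast kept just the 2
```

Run it with php-cli (the pdo_sqlite extension is needed). The point to take from the three outputs is that the fix is applied to the value, not the query text: casting removes everything that is not an integer, and escaping keeps the entire value inside one string literal.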