Is $db->query() vulnerable?
#3
(2018-12-17, 05:32 PM)labrocca Wrote: Can you provide an example query you think can exploit the query?  

MyBB's $db class has mostly been the same, in regards to security, for a very long time. For plugins and core MyBB code you should use $db->escape_string() for variables which might contain injection code.  

If you're using $db->query(), be sure to clean your code.  As far as I know all the default usage of it is sanitized. Otherwise there is a default MySQL Injection vulnerability.

Exactly. When constructing a query using GET or POST parameters, always escape them or cast them. If the values are integer values, you can simply cast them to integers such as $uid = $mybb->get_input('pid', MyBB::INPUT_INT). Otherwise, escape them like $username = $db->escape_string($mybb->get_input('username').
Reply


Messages In This Thread
Is $db->query() vulnerable? - by mariolatif741 - 2018-12-17, 02:01 PM
RE: Is $db->query() vulnerable? - by labrocca - 2018-12-17, 05:32 PM
RE: Is $db->query() vulnerable? - by Euan T - 2018-12-17, 08:26 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)