Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Disable upload attachments?
#1
I am trying to prevent all possible ways of SQLi and XSS.

If normal users can upload attachments, can they upload a shell and take down a site?
#2
No, the attachment system is secure and is designed so that people can't execute files the may upload.
-Paul H.

Cogisne lingua latina?
#3
If you really want to prevent all possible ways of your forum being exploited, simply don't run a forum at all. There will always be risks but disabling everything which might, possibly, slightly, have a chance of being vulnerable is overkill.

If shelling a forum was as easy as uploading an attachment, we wouldn't have developed the attachments system in the first place. Just stay up to date with the latest MyBB release and be sensible with what plugins you install.
No longer involved in the MyBB project.


Forum Jump:


Users browsing this thread: 1 Guest(s)