Solved: 4 Years, 2 Months, 2 Weeks ago Is $page in forumdisplay.php vulnerable?
#1
Solved: 4 Years, 2 Months, 2 Weeks ago
Hi, I'm just curious.

in forumdisplay.php


$page = $mybb->input['page'];
$start = ($page-1) * $perpage;



  .
  .
  .

$query = $db->query("
   .
   .
  LIMIT $start, $perpage

 ");


I think it can cause security problems by connecting to DB

I think "$mybb->get_input('page', MyBB::INPUT_INT);" is better

Am I thinking wrong?
Reply
#2
Solved: 4 Years, 2 Months, 2 Weeks ago
Take note of the two variables you're talking about. The variable $page is never called in a query in forumdisplay.php. It's $perpage which gets called, which are two completely different variables. Even though not necessarily needed, yes the latter would be better.

Note that if you think there's a vulnerability in the software post it in Private Inquiries first. If it was a real vulnerability you would of just released it to the whole world.
Plugin Count: I lost count.
Public Plugins are available here.
Please do not PM me for support unless asked to.
Reply
#3
Solved: 4 Years, 2 Months, 2 Weeks ago
$query = $db->query("
  LIMIT $start, $perpage
 ");

but $start does.
and $start is"($page-1) * $perpage;
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)