Is $db->query() vulnerable?
#1
Hi,

The title just says it all...

Is the usage of POST or GET variables inside a 
$db->query();

query SQL vulnerable?
Thanks!
Reply
#2
Can you provide an example query you think can exploit the query?

MyBB's $db class has mostly been the same, in regards to security, for a very long time. For plugins and core MyBB code you should use $db->escape_string() for variables which might contain injection code.

If you're using $db->query(), be sure to clean your code. As far as I know all the default usage of it is sanitized. Otherwise there is a default MySQL Injection vulnerability.
Reply
#3
(2018-12-17, 05:32 PM)labrocca Wrote: Can you provide an example query you think can exploit the query?  

MyBB's $db class has mostly been the same, in regards to security, for a very long time. For plugins and core MyBB code you should use $db->escape_string() for variables which might contain injection code.  

If you're using $db->query(), be sure to clean your code.  As far as I know all the default usage of it is sanitized. Otherwise there is a default MySQL Injection vulnerability.

Exactly. When constructing a query using GET or POST parameters, always escape them or cast them. If the values are integer values, you can simply cast them to integers such as $uid = $mybb->get_input('pid', MyBB::INPUT_INT). Otherwise, escape them like $username = $db->escape_string($mybb->get_input('username').
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)