You are not logged in. [Log In] UBB.threads PHP Forum Software Community » Forums » UBB.threads News and Discussions » Pre-Sales Questions » SQL Injection
Register User    Portal Page     Forum List        Calendar     Active Topics     Search     FAQ
Site Links
Home
Features
Documentation
Pricing & Order
Members Area
Support Options
UBBDev.com
UBBWiki.com
Who's Online
7 registered (smallufo, SteveS, sampsonzurich, Bjab, FordDoctor, Stan, Pilgrim), 27 Guests and 13 Spiders online.
Key: Admin, Global Mod, Mod
Featured Member
Registered: 05/17/12
Posts: 3
Top Posters (30 Days)
Ruben 51
Gizmo 24
DennyP 24
Dunny 15
SteveS 14
AllenAyres 12
SD 10
dbremer 10
drkknght00 9
doug 8
Latest Photos
OK Corral Shoot Out
Testing
Basildon Train Station
Basildon Town Centre looking from the rounderbout
Basildon Town Square
Topic Options
#213165 - 05/21/08 12:07 PM SQL Injection
jmt123 Offline
stranger 		Registered: 05/17/08
Posts: 10
Is anyone here familiar with SQL Injection and is UBB Threads vulnerable?
Top
Express Hosting
Express Hosting "We are the official hosting company of UBB.threads. Ask us about our free migration services to migrate your UBB.threads installation."
#213168 - 05/21/08 12:16 PM Re: SQL Injection [Re: jmt123]
Rick Offline
Post-a-holic 		Registered: 06/04/06
Posts: 10164
Loc: Aberdeen, WA
Yes. In the past UBB.threads had several vulnerabilities during different stages. Generally, this was related to forgetting to call addslashes and sanitize all data coming from the user.

When we rewrote version 7 however we now pass everything through a variety of functions that take care of this. All of our sql queries go through a routine where we pass the user data in an array, and each one is sanitized/escaped properly before actually being passed to MySQL. So we haven't had an issue with this since 7.0 came out.
Top



Moderator:  AllenAyres, Ian, Ron M 
Shout Box

Today's Birthdays
No Birthdays
Recent Topics
Due Date Calculator-Calculate When Your Baby is Due
by StewartMyduedate
12:54 AM
Temporary Password email not being received
by
05/24/12 10:02 PM
Ability to "like" individual posts (not Facebook "likes)
by doug
05/23/12 09:03 AM
Island Permissions
by ThreadsUser
05/22/12 03:03 PM
streaming video
by prkrgrp
05/20/12 07:02 PM
Forum Stats
10492 Members
36 Forums
33842 Topics
181709 Posts

Max Online: 978 @ 06/24/07 11:19 PM
Random Image
Board Rules · Mark all read
Contact Us · UBBCentral · Top