Previous Thread
Next Thread
Print Thread
Hop To
#213165 05/21/2008 12:07 PM
Joined: May 2008
Posts: 9
J
stranger
stranger
J Offline
Joined: May 2008
Posts: 9
Is anyone here familiar with SQL Injection and is UBB Threads vulnerable?

jmt123 #213168 05/21/2008 12:16 PM
Joined: Jun 2006
Posts: 9,242
Likes: 1
R
Former Developer
Former Developer
R Offline
Joined: Jun 2006
Posts: 9,242
Likes: 1
Yes. In the past UBB.threads had several vulnerabilities during different stages. Generally, this was related to forgetting to call addslashes and sanitize all data coming from the user.

When we rewrote version 7 however we now pass everything through a variety of functions that take care of this. All of our sql queries go through a routine where we pass the user data in an array, and each one is sanitized/escaped properly before actually being passed to MySQL. So we haven't had an issue with this since 7.0 came out.


Link Copied to Clipboard
ShoutChat
Comment Guidelines: Do post respectful and insightful comments. Don't flame, hate, spam.
Recent Topics
Another error
by Baldeagle - 10/07/2024 9:08 PM
Is this a cookie issue?
by Baldeagle - 10/05/2024 2:01 PM
Search button not there
by ehill - 10/02/2024 2:56 PM
Change the Order of the buttons in a post
by Unixspot - 09/19/2024 10:04 PM
How do I get rid of this?
by Baldeagle - 09/12/2024 6:30 PM
Who's Online Now
1 members (1 invisible), 765 guests, and 64 robots.
Key: Admin, Global Mod, Mod
Random Gallery Image
Latest Gallery Images
Los Angeles
Los Angeles
by isaac, August 6
3D Creations
3D Creations
by JAISP, December 30
Artistic structures
Artistic structures
by isaac, August 29
Stones
Stones
by isaac, August 19
Powered by UBB.threads™ PHP Forum Software 8.0.1
(Snapshot build 20240918)