Portal Forums Calendar Active Threads
Previous Thread
Next Thread
Print Thread
Hop To
SQL Injection
#213165 05/21/2008 12:07 PM
Joined: May 2008
Posts: 9
J
jmt123
Offline
stranger
jmt123
stranger
J Offline
Joined: May 2008
Posts: 9
Is anyone here familiar with SQL Injection and is UBB Threads vulnerable?
Re: SQL Injection
jmt123 #213168 05/21/2008 12:16 PM
Joined: Jun 2006
Posts: 9,242
Likes: 1
Aberdeen, WA
R
Rick Offline
Former Developer
Rick
Former Developer
R Offline
Joined: Jun 2006
Posts: 9,242
Likes: 1
Aberdeen, WA
Yes. In the past UBB.threads had several vulnerabilities during different stages. Generally, this was related to forgetting to call addslashes and sanitize all data coming from the user.

When we rewrote version 7 however we now pass everything through a variety of functions that take care of this. All of our sql queries go through a routine where we pass the user data in an array, and each one is sanitized/escaped properly before actually being passed to MySQL. So we haven't had an issue with this since 7.0 came out.

Link Copied to Clipboard
ShoutChat
Comment Guidelines: Do post respectful and insightful comments. Don't flame, hate, spam.
Recent Topics
Bots
by Outdoorking - 04/13/2024 5:08 PM
Can you add html to language files?
by Baldeagle - 04/07/2024 2:41 PM
Do I need to rebuild my database?
by Baldeagle - 04/07/2024 2:58 AM
This is not a bug, but a suggestion
by Baldeagle - 04/05/2024 11:25 PM
Is UBB.threads still going?
by Aaron101 - 04/01/2022 8:18 AM
Who's Online Now
1 members (Nightcrawler), 1,165 guests, and 234 robots.
Key: Admin, Global Mod, Mod
Random Gallery Image
Latest Gallery Images
Los Angeles
Los Angeles
by isaac, August 6
3D Creations
3D Creations
by JAISP, December 30
Artistic structures
Artistic structures
by isaac, August 29
Stones
Stones
by isaac, August 19
Forum Rules · Mark All Read Contact Us · Forum Help · UBBCentral
Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20230217)