Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
Reload this Page Securing against SQL Injection?
FAQ Members List Calendar Search Today's Posts Mark Forums Read
  #1  
Old 05-26-2011, 10:44 PM
Disasterpiece's Avatar
Disasterpiece Disasterpiece is offline
 
Join Date: Apr 2007
Location: GER
Posts: 765
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Right.

So the biggest security risks are: SQL Queries, eval() functions and anything which has to do with file operations like fopen(), fread(), file_get_contents(), include(), require(), etc.

When you look through the mods, look out for these areas and check what vars they are using. Then try to track them back where they came from and what has been done with them since they have been defined.
The easiest thing to spot is if they come directly from user-input vars like $_GET, $_POST, $_FILE, $_COOKIE or $_REQUEST, but also from $_SERVER and $_ENV which is NOT safe, altough you might think it. Even HTTP-Referrer and User-Agents can be faked, as well as cookie values.

However, you track these variables back, until you find some functionality which sanitizes them.
For integers, it's quite easy to do, like
PHP Code:
$foo = (int)$var;
$foo intval($var);
$foo sprintf("%d"$var);
$foo 0+$var
etc.
A good but very advanced method of sanitizing strings is regex. It's mostly safe and a good idea to use it, given that you have enough knowledge to actually use it right.
$db->escape_string() works for most strings, it just escapes anything which could mess up the query like quotes, comment-chars, nullbytes, etc.

If you get to the point, where vbulletin functions are used to sanitize gpc vars, you might want to check the includes/class.core.php file, find the vB_gpc class and see what the "clean" vars do, because like the past showed us, not everyone knows what they actually do. Not all of them "clean" a string for usage in queries or evals, they just make according typecast which has nothing to do with security.

If you are unsure weather a mod has a security flaw or not, ask in the forums, PM a staff member or PM me if you like.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Hybrid Mode Hybrid Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 07:09 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03196 seconds
  • Memory Usage 2,191KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)showthread_list
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_threadedmode.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids_threaded
  • showthread_threaded_construct_link
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete