Safe or not ??

#1
02 Sep 2014, 19:40
fookaa
Join Date: Dec 2009

Hi,

I was searching around for games for my arcade and stumbled upon a post suggesting this mod is subject to a SQLi error and it is one of the most exploited SQLi's ever oO !!!

So is this true? If so, is there an exploit fix?

The post saying this was posted on 05-18-2013 and the last update for this mod was on 27 Feb 2012, so I'm a bit worried now...
#2
02 Sep 2014, 20:01
Dave
Join Date: Jun 2010
Real name: Dave
I checked the source quickly (mainly the queries), but it seems safe.

addslashes is used in some places, which is not safe if you use certain character encodings, but I doubt anyone would ever use any of those character encodings for a vBulletin forum.
#3
02 Sep 2014, 20:43
fookaa
Join Date: Dec 2009
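To make Dave's point concrete, here is an added example (not code from ibProArcade or vBulletin) contrasting the addslashes() pattern with a prepared statement. The `games` table, column names and the `utf8mb4` charset are assumptions for illustration.

```php
<?php
// Added example, not part of the original thread or the arcade mod.
// Assumes a mysqli connection to a database with a hypothetical `games` table.

// The pattern being questioned: addslashes() knows nothing about the
// connection's character set. Under certain multibyte charsets the server
// can interpret the inserted backslash differently from how PHP intended,
// so the escaping is not a reliable SQL defence.
function unsafe_lookup(mysqli $db, string $name): ?array {
    $sql = "SELECT id, name FROM games WHERE name = '" . addslashes($name) . "'";
    $res = $db->query($sql);
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

// Hardened form: pin the connection charset explicitly, then use a prepared
// statement so user input is sent as a bound parameter and never spliced
// into the SQL text at all. This is what removes the encoding dependency.
function safe_lookup(mysqli $db, string $name): ?array {
    if (!$db->set_charset('utf8mb4')) {
        throw new RuntimeException('cannot set connection charset: ' . $db->error);
    }
    $stmt = $db->prepare('SELECT id, name FROM games WHERE name = ?');
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('s', $name);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// If a legacy code path must still build SQL strings, use the
// connection-aware escaper after the charset is fixed: real_escape_string()
// escapes according to the charset the connection is actually using,
// which addslashes() cannot do.
function legacy_escape(mysqli $db, string $value): string {
    if (!$db->set_charset('utf8mb4')) {
        throw new RuntimeException('cannot set connection charset: ' . $db->error);
    }
    return $db->real_escape_string($value);
}
```

A quick audit check for a mod like this is to grep its PHP for `addslashes(` feeding a query and confirm each such site either moves to a prepared statement or at least sets the charset and uses the connection-aware escaper.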
I just sent you a pm of the warning post I found...
#4
02 Sep 2014, 21:12
tbworld
Join Date: Oct 2008
Originally Posted by fookaa:
I just sent you a pm of the warning post I found...
Please send me a copy of the post or the URL, I would appreciate it.
#5
02 Sep 2014, 21:18
fookaa
Join Date: Dec 2009
Originally Posted by tbworld:
Please send me a copy of the post or the URL, I would appreciate it.
Sent..

--------------- Added 02 Sep 2014 at 21:33 ---------------

So what's the verdict?

--------------- Added 02 Sep 2014 at 21:55 ---------------

I'm trying to reply to your PM but this site keeps timing out?
#6
02 Sep 2014, 22:34
tbworld
Join Date: Oct 2008
Originally Posted by fookaa:
Sent..

--------------- Added 02 Sep 2014 at 13:33 ---------------

So what's the verdict?

Taking a quick look at version 2.7.2+, this should not be an issue, as they are now parsing the query string for SQL commands among other things. You should be using a PHP version of 3.5 or greater as a minimum.

I will do some tests on it later this evening.
#7
05 Sep 2014, 23:31
stangger5
Join Date: Jan 2005
What do you think about letting vBulletin Input Clean handle it ??
__________________
vb ibProArcade: Download Game, Game Challenge, Report Game, Daily Game Systems.
40,000+ Flash and HTML5 Games, and more can be found at: next-level-arcade.com
#8
06 Sep 2014, 12:53
fookaa
Join Date: Dec 2009
Any news on this?
#9
06 Sep 2014, 12:58
Dave
Join Date: Jun 2010
Real name: Dave
It's safe.
#10
06 Sep 2014, 15:12
RichieBoy67
Join Date: Apr 2004
Real name: Richie
Definitely safe.
__________________

Let us take care of your forum, SEO, SEO reports, maintenance, whatever you need.
