dEEpEst Posted September 8, 2015

Credits: Kalista

Something I see a lot is that many vulnerable vBulletin plugins do not sanitize/check variables the right way. The right way to use user input data in queries is like this:

This is the hidden content, please Sign In or Sign Up

The first argument defines the type of request; p is a POST request in this case. The second argument is an array of fields and the type of each variable. Whenever you use a string and it should not contain any HTML, ALWAYS use TYPE_NOHTML. If you use TYPE_STR, it might open up a cross-site scripting vulnerability as well as SQL injection. In case you use a variable which is not an integer, always wrap it in the $db->escape_string function.

Here is a small part of the code which is used by the clean_array_gpc function:

This is the hidden content, please Sign In or Sign Up

As you can see, variables which should be integers get wrapped in the intval function. NOHTML variables get wrapped in the htmlspecialchars function, which converts special characters to HTML entities. Never think that the clean_array_gpc or clean_gpc functions actually clean strings of bad stuff, they do not!
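Since the post's own snippets are hidden, here is an added stand-alone example (my code, not vBulletin's) that models what the post describes: integer types go through intval, NOHTML goes through htmlspecialchars, TYPE_STR is left raw, and the string still needs escape_string before it reaches SQL. The TYPE_* values, clean_value() and the escape_string() stand-in are constructed for the demo and simplified compared to the real vBulletin functions.

```php
<?php
// Added example (not vBulletin's code): a simplified stand-in for what the post
// says clean_array_gpc does, followed by the query pattern it recommends.
// TYPE_* values and clean_value() are constructed for this demo; vBulletin's
// real constants and its htmlspecialchars variant may differ in detail.
const TYPE_UINT   = 1;
const TYPE_STR    = 2;
const TYPE_NOHTML = 3;

function clean_value($value, int $type)
{
    switch ($type) {
        case TYPE_UINT:
            return max(0, intval($value));      // non-numeric junk becomes 0
        case TYPE_NOHTML:
            // & < > " become entities, so the value is safe to echo into HTML.
            // The single quote is left alone, so this is NOT SQL escaping.
            return htmlspecialchars((string) $value, ENT_COMPAT);
        case TYPE_STR:
        default:
            return (string) $value;             // untouched: XSS and SQLi risk
    }
}

function clean_array_gpc(array $source, array $fields): array
{
    $gpc = [];
    foreach ($fields as $name => $type) {
        $gpc[$name] = clean_value($source[$name] ?? '', $type);
    }
    return $gpc;
}

// Simplified stand-in for $db->escape_string(); real code uses the vBulletin DB object.
function escape_string(string $s): string
{
    return str_replace(["\\", "'", "\""], ["\\\\", "\\'", "\\\""], $s);
}

// Constructed POST body: a title holding both a single quote and a script tag.
$_POST = ['threadid' => '42; DROP', 'title' => "x' OR '1'='1 <script>alert(1)</script>"];
$gpc   = clean_array_gpc($_POST, ['threadid' => TYPE_UINT, 'title' => TYPE_NOHTML]);

// threadid is int(42). title is HTML-safe but still holds the quote, so the
// string goes through escape_string() before it is placed in the query.
$sql = "UPDATE thread SET title = '" . escape_string($gpc['title'])
     . "' WHERE threadid = " . $gpc['threadid'];
echo $sql, PHP_EOL;
```

Swapping TYPE_NOHTML for TYPE_STR in the call, or dropping escape_string(), reproduces the two mistakes the post warns about.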