Hi Guys

Receiving database errors, when some registers with ' in the email address. Would anyone know how to fix this?

Database error in vBulletin 4.2.2:

Invalid SQL:
SELECT * FROM vbuserregcode WHERE userregemail = 'wendy_o'reilly@inwebmail.com';

MySQL Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'reilly@inwebmail.com'' at line 1
Error Number : 1064
Request Date : Monday, September 15th 2014 @ 04:56:37 PM
Error Date : Monday, September 15th 2014 @ 04:56:38 PM
Script : http://nirc.co.uk/joiningthenirc.php
Referrer : http://nirc.co.uk/joiningthenirc.php
IP Address : 69.12.84.199
Username : Unregistered
Classname : vB_Database_MySQLi
MySQL Version :


Dave

Which plugin are you using which alters the registration process? I think we have a SQL injection vulnerability here.

It's that one, that makes you register your email before you can sign up. Give me a sec and I'll find it.



this one? https://vborg.vbsupport.ru/showthread.php?t=294164

Go to your plugins in the admincp and look for the register_start hook of that plugin.

Find:
$emailalreadyused = $db->query_read("SELECT * FROM " . TABLE_PREFIX . "userregcode WHERE userregemail = '$email'");

Replace with:
$emailalreadyused = $db->query_read("SELECT * FROM " . TABLE_PREFIX . "userregcode WHERE userregemail = '" . $db->escape_string($email) . "'");

I'll give that a go now mate cheers :D

possibly you have an old version of this mod!! because I can't find the table vbuserregcode

I think you need to uninstall the mod and install the latest version of it.

I found similar issue someone else had here:

http://www.vbulletin.com/forum/forum/vbulletin-4/vbulletin-4-questions-problems-and-troubleshooting/4009633-mysql-database-error

possibly you have an old version of this mod!! because I can't find the table vbuserregcode

I think you need to uninstall the mod and install the latest version of it.

I found similar issue someone else had here:

http://www.vbulletin.com/forum/forum/vbulletin-4/vbulletin-4-questions-problems-and-troubleshooting/4009633-mysql-database-error


I'm pretty sure vb is his table_prefix.

May be I'm reading it wrong....But is that line not already the same as you provided?

$navbits = construct_navbits(array('' => 'Verify Email'));
$navbar = render_navbar_template($navbits);
$vbulletin->input->clean_array_gpc('r', array(
'email' => TYPE_STR,
'emailconfirm' => TYPE_STR,
'emailconfirmationcode' => TYPE_STR,
'codehasbeenset' => TYPE_BOOL,
'so' => TYPE_BOOL,
'emailcode' => TYPE_STR,
'ihaveit' => TYPE_BOOL,
'reorder' => TYPE_BOOL,
'month' => TYPE_UINT,
'year' => TYPE_UINT,
'day' => TYPE_UINT,
COOKIE_PREFIX . 'notcoppa' => TYPE_STR

));

if($vbulletin->options['usecoppa'])
{
$current['year'] = date('Y');
$current['month'] = date('m');
$current['day'] = date('d');



if(!isset($_COOKIE[COOKIE_PREFIX . 'notcoppa']) AND $vbulletin->GPC['month'] != 0 AND $vbulletin->GPC['day'] != 0 AND $vbulletin->GPC['year'] != 0 AND (mktime(0, 0, 0, $vbulletin->GPC['month'], $vbulletin->GPC['day'], $vbulletin->GPC['year']) <= mktime(0, 0, 0, $current['month'], $current['day'], $current['year'] - 13)))
{
vbsetcookie('notcoppa', $vbulletin->GPC['month'] . '-' . $vbulletin->GPC['day'] . '-' . $vbulletin->GPC['year'], 1);
}

$coppaage = ($_COOKIE[COOKIE_PREFIX . 'coppaage']) ? $_COOKIE[COOKIE_PREFIX . 'coppaage'] : $_COOKIE[COOKIE_PREFIX . 'notcoppa'] ;

if($coppaage)
{
$dob = explode('-', $coppaage);
$month = ( $dob[0] != 0) ? $dob[0] : -1;
$day = ( $dob[1] != 0 ) ? $dob[1] : -1;
$year = ( $dob[2] != 0 ) ? $dob[2] : -1;
}
}
$so = (isset($vbulletin->GPC['so'])) ? $vbulletin->GPC['so'] : 0 ;
$email = strtolower($vbulletin->GPC['email']);
$emailcode= $vbulletin->GPC['emailcode'] ;
$emailconfirm= $vbulletin->GPC['emailconfirm'] ;
$emailconfirmationcode = $vbulletin->GPC['emailconfirmationcode'];
$codehasbeenset = $vbulletin->GPC['codehasbeenset'];
$reorder = $vbulletin->GPC['reorder'];
$ihaveit = $vbulletin->GPC['ihaveit'];

$show['reorder'] = false;
$show['emailerrors'] = false;

if(isset($email) AND $email != "" AND !empty($email))
{

if(!simpleping($email))
{
$show['emailerrors'] = true;
$errorlist .= "<li>".$vbphrase['pingerror']."</li>";
}

$emailalreadyused = $db->query_read("SELECT * FROM " . TABLE_PREFIX . "userregcode WHERE userregemail = '$email'");

if ($db->num_rows($emailalreadyused) )
{
$show['emailerrors'] = true;
$show['reorder'] = true;
$errorlist .= "<li>".$vbphrase['emailalreadyusednotconfirmed']."</li>";
$userfetched = $db->fetch_row($emailalreadyused);
if($userfetched[3] >= $vbulletin->options['email_verfication'])
{
eval(standard_error(fetch_error('thiswasusedmoreth anenough')));
}
}

$emailalreadyregisterd = $db->query_read("SELECT * FROM " . TABLE_PREFIX . "user WHERE email = '$email'");

if ($db->num_rows($emailalreadyregisterd))
{
$show['emailerrors'] = true;
$errorlist .= "<li>".$vbphrase['emailalreadyregisterd']."</li>";
}
}

if( $so != 1 AND ( ($show['emailerrors'] AND $codehasbeenset != 0) OR ( !isset($email) OR $email == "" OR empty($email) ) ) AND !$reorder AND !$ihaveit )
{
$codehasbeenset = 0;
$templater = vB_Template::create('reg_ver_start');
$templater->register('header', $header);
$templater->register('navbar', $navbar);
$templater->register('email', $email);
$templater->register('emailconfirm', $emailconfirm);
$templater->register('headinclude', $headinclude);
$templater->register('footer', $footer);
$templater->register('errorlist', $errorlist);
$templater->register('reorder', $reorder);
$templater->register('ihaveit', $ihaveit);
$templater->register('codehasbeenset ', $codehasbeenset );
$templater->register('jqueryurl', $jqueryurl);
$reg_ver_start = $templater->render();
vB_Template::preRegister('register', array('reg_ver_start' => $reg_ver_start));
$vbulletin->templatecache['register'] = '$reg_ver_start';

possibly you have an old version of this mod!! because I can't find the table vbuserregcode

I think you need to uninstall the mod and install the latest version of it.

I found similar issue someone else had here:

http://www.vbulletin.com/forum/forum/vbulletin-4/vbulletin-4-questions-problems-and-troubleshooting/4009633-mysql-database-error



Yes I posted this on here some time ago also, I did remove the mod when vb.org pulled it because of my thread. I will try what you have suggested..

I downloaded the latest version, but it's not safe:
It has a check to see if it's a string, then there's a strtolower function around it. Then the variable is being used in the query without being sanitized.

You should change the following:

$email = strtolower($vbulletin->GPC['email']);

to

$email = $db->escape_string(strtolower($vbulletin->GPC['email']));

I'm pretty sure vb is his table_prefix.
yah, you are right. didn't notice that...

I guess it is an issue with the mod itself then...

possibly it the same issue as this thread: http://stackoverflow.com/questions/1961308/apostrophes-are-breaking-my-mysql-query-in-php

it is escaping the apostrophes in mysql ... not sure though...

I've uninstalled this mod, is it better to not install this mod again?

Thanks for your help on this one guys

Not until this vulnerability is fixed. I reported the mod so the creator can fix it.

Not until this vulnerability is fixed. I reported the mod so the creator can fix it.

Cheers Dave, you've been a great help :)