vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   EWT Statistics (https://vborg.vbsupport.ru/showthread.php?t=203193)

SloppyGoat 01-26-2009 08:39 PM

EWT Statistics
 
Can someone take a look at this and see if it can be made to work correctly with 3.8.0. It looks like something simple, if you happen to understand PHP. (But I don't) This was released here for an earlier version, and has been working fine with 3.8.0, but recently, I got a few database errors, like this...

Database error in vBulletin 3.8.0:

Invalid SQL:

INSERT INTO ewt_statistics
(uid, sectionid, thisscript, ipaddy, useragent)
VALUES
(0, 0, 'index', '205.196.222.10', '<a href='http://db2-sql.blogspot.com'> DB DB2 ODBC</a> support@runnk.com');

MySQL Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://db2-sql.blogspot.com'> DB DB2 ODBC</a> support@runnk.com')' at line 4
Error Number : 1064
Request Date : Monday, January 26th 2009 @ 03:43:53 PM
Error Date : Monday, January 26th 2009 @ 03:43:53 PM
Script : *** Removed URL ***
Referrer :
IP Address : 205.196.222.10
Username : Unregistered
Classname : vB_Database
MySQL Version :

(I've only received two of these errors and they're both the same. Otherwise, it appears to work fine. Maybe just a variable name changed or something?)

*** Removed Copyrighted File ***

Dismounted 01-27-2009 04:19 AM

I suggest you remove the modification immediately. It suffers from an exploit called "SQL injection", which can be used to execute basically any SQL query the attacker wants. I suggest you contact the author, as well as reporting the modification thread, so staff can quarantine it.

PS. I have removed your site URL, to protect your site from being attacked.

SloppyGoat 01-27-2009 04:26 AM

Thanks. Do you know of a way to fix it? Now there will be no total page views. I have no idea who the original author was. :( Has it always been a security risk? Because my firewall used to block a lot of SQL injection attempts. Apparently, it did its job.

Dismounted 01-27-2009 04:57 AM

Quote:

Originally Posted by SloppyGoat (Post 1725885)
Do you know of a way to fix it?

You can fix it, but you would need PHP experience.
Quote:

Originally Posted by SloppyGoat (Post 1725885)
Has it always been a security risk?

If it's there, it's there.

SloppyGoat 01-27-2009 04:57 AM

Is there anything that can replace my hit counter (in the statistics bar) that's safe to use? That was nice to have. :(

--------------- Added 27 Jan 2009 at 00:59 ---------------

Quote:

Originally Posted by Dismounted (Post 1725905)
You can fix it, but you would need PHP experience.

If it's there, it's there.

I'm asking if anyone can fix it, or if there is something that can replace it? Hard to believe there is no real hit counter like this that's safe anymore. I'd been using it for 6 years, and never have been hacked or anything.

--------------- Added 27 Jan 2009 at 01:34 ---------------

What was the exploit, now that it's uninstalled? Is it really that serious? I mean, I've had this installed for probably 6 years now, and never had any attacks. My firewall has blocked tons of attempts at SQL injections, but nobody has managed to execute anything. Do you think it's safe to run, since my firewall detects and successfully blocks this type of attack?

Marco van Herwaarden 01-27-2009 09:58 AM

The useragent is not cleaned before inserting into the query, leading to possible SQL Injections.
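
The query in the error report above is built by pasting the raw User-Agent header into an INSERT. The following Python script is an added example, not part of this thread and not the EWT mod's code (its PHP is not on this page). It reproduces the mechanism on an in-memory SQLite table using the table and column names from the error message: the User-Agent value from the page breaks the statement exactly as reported, a constructed User-Agent turns the INSERT into an INSERT followed by a DELETE, and a parameterized INSERT stores both values verbatim. The column types, the seed row, the second IP address and the User-Agent strings other than the one quoted in the error are constructed for the demonstration.

```python
import sqlite3

# Table and column names are taken from the error message in this thread;
# the column types are assumed for the demonstration.
SCHEMA = """
CREATE TABLE ewt_statistics (
    uid        INTEGER,
    sectionid  INTEGER,
    thisscript TEXT,
    ipaddy     TEXT,
    useragent  TEXT
)
"""

# The User-Agent that appears in the page's error report: a stray single quote
# in an HTML fragment is enough to break a string-built query.
UA_FROM_PAGE = "<a href='http://db2-sql.blogspot.com'> DB DB2 ODBC</a> support@runnk.com"

# Constructed attack payload. The client controls this header completely: the
# quote and parenthesis close the INSERT, and the rest becomes a second statement
# whose trailing "('' = '" is completed by the query's own closing "')".
UA_INJECT = "x'); DELETE FROM ewt_statistics WHERE ('' = '"


def fresh_db():
    """In-memory database with one constructed seed row, so a destructive
    injection has something to remove."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.execute(
        "INSERT INTO ewt_statistics VALUES (1, 0, 'index', '192.0.2.1', 'seed')"
    )
    conn.commit()
    return conn


def record_hit_vulnerable(conn, uid, sectionid, script, ip, useragent):
    """Builds the INSERT by string concatenation, the shape the error report shows.
    Whatever the client sends as User-Agent is parsed as SQL. executescript()
    is used because it accepts several statements, like a multi-statement
    MySQL API would."""
    sql = (
        "INSERT INTO ewt_statistics (uid, sectionid, thisscript, ipaddy, useragent) "
        f"VALUES ({int(uid)}, {int(sectionid)}, '{script}', '{ip}', '{useragent}')"
    )
    conn.executescript(sql)
    conn.commit()


def record_hit_fixed(conn, uid, sectionid, script, ip, useragent):
    """Parameterized INSERT: the driver passes useragent as data, never as SQL."""
    conn.execute(
        "INSERT INTO ewt_statistics (uid, sectionid, thisscript, ipaddy, useragent) "
        "VALUES (?, ?, ?, ?, ?)",
        (uid, sectionid, script, ip, useragent),
    )
    conn.commit()


def row_count(conn):
    return conn.execute("SELECT COUNT(*) FROM ewt_statistics").fetchone()[0]


def stored_useragents(conn):
    return [r[0] for r in conn.execute("SELECT useragent FROM ewt_statistics ORDER BY rowid")]


def demo():
    """Runs the three scenarios and returns their observable results."""
    results = {}

    # 1. Vulnerable query, the page's own User-Agent: a syntax error, the
    #    SQLite counterpart of the MySQL 1064 shown in the thread.
    conn = fresh_db()
    try:
        record_hit_vulnerable(conn, 0, 0, "index", "205.196.222.10", UA_FROM_PAGE)
        results["page_ua_error"] = None
    except sqlite3.Error as exc:
        results["page_ua_error"] = str(exc)

    # 2. Vulnerable query, crafted User-Agent: the injected DELETE runs and
    #    empties the table (seed row and the new row both gone).
    conn = fresh_db()
    record_hit_vulnerable(conn, 0, 0, "index", "203.0.113.5", UA_INJECT)
    results["rows_after_injection"] = row_count(conn)

    # 3. Parameterized query: both awkward values are stored as plain text and
    #    nothing else executes.
    conn = fresh_db()
    record_hit_fixed(conn, 0, 0, "index", "205.196.222.10", UA_FROM_PAGE)
    record_hit_fixed(conn, 0, 0, "index", "203.0.113.5", UA_INJECT)
    results["rows_after_fix"] = row_count(conn)
    results["stored"] = stored_useragents(conn)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=>", value)
```

Two caveats for anyone repairing a mod like this. First, stacked statements are only the most visible variant: a MySQL API that refuses a second statement still accepts a subquery in place of the string literal, so a single INSERT can be made to copy data from other tables into the row being written. Second, the fix belongs at the query, not at the perimeter: in a vBulletin 3 mod that means passing the header through the database class's `escape_string()` before it is concatenated (or, where the API allows, binding it as a parameter), since a firewall that matches known injection strings can only block the payloads it has signatures for.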

SloppyGoat 02-03-2009 04:54 AM

So, no one can make this nifty little hack safe? :confused:

Marco van Herwaarden 02-03-2009 08:41 AM

Nobody said that; we only say that the current script you use is vulnerable.

SloppyGoat 02-03-2009 09:00 AM

Well, if anyone would like to do it, I'm sure it would be much appreciated! I know I sure would appreciate it. I'm surprised there isn't a version of this that is safe, already. It seems like such a necessary statistic. :( I know there are probably other types of counters, but I haven't seen anything that's so nicely integrated like this. It was nice to know that I had over 2.1 million views! That attracted a paying advertiser, once! :)

Marco van Herwaarden 02-03-2009 09:09 AM

We don't even know which modification you are talking about. If you have questions regarding a modification, then please post in the thread of that modification.

PS If a vulnerable version is posted on vB.org, then please use the Report Post link to report it.

SloppyGoat 02-03-2009 09:21 AM

It's no longer here, as far as I can tell from searching. Would it be ok if I post the old version of it and ask someone if they'd like to take a look at it and see if it can be fixed? I still have it. I wish I could figure it out, but I'm not a coder, obviously. :erm:

Marco van Herwaarden 02-03-2009 09:32 AM

Sorry, but you cannot post a script without the permission of the author.

SloppyGoat 02-03-2009 09:53 AM

The author's name is nowhere on or in it, and this is years old. It may even be from the 2.x days. I'm sure I got it here, but there is no sign of it anymore, so you guys must've deleted it.

Marco van Herwaarden 02-03-2009 10:10 AM

I have searched vB.org, including our archives, and I find no trace of a modification with such a name. Even searching on Google doesn't give me anything besides the posts you have made.

Dismounted 02-03-2009 10:21 AM

The prefix does "belong" to a now unlicensed user, though.

SloppyGoat 02-03-2009 10:22 AM

Well, I emailed the support email listed in the error, but I doubt there will be any reply. We'll see.

--------------- Added 03 Feb 2009 at 12:23 GMT ---------------

Quote:

Originally Posted by Dismounted (Post 1732919)
The prefix does "belong" to a now unlicensed user, though.

Does that mean it can be posted then?

Dismounted 02-04-2009 07:03 AM

Quote:

Originally Posted by SloppyGoat (Post 1732922)
Does that mean it can be posted then?

No. I am just saying a user has previously used "EWT" - this may be one of his/her modifications.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.