vb.org Archive


av8or1 04-15-2012 05:40 PM

Mysterious database error
 
Hi-

I am running vB 4.1.3 and have been for a year now. I have never encountered any type of database error, but recently I received - via email - the following:

Database error in vBulletin 4.1.3:

Invalid SQL:

SELECT socialgroupcategory.title
FROM socialgroupcategory AS socialgroupcategory
WHERE socialgroupcategory.socialgroupcategoryid IN (-99) union select username from user where userid=6 and row(1,1)>(select count(*),concat( (select user.username) ,0x3a,floor(rand(0)*2)) x from (select 1 union select 2 union select 3)a group by x limit 1) -- /*);

MySQL Error : Duplicate entry 'lehlom:1' for key 'group_key'
Error Number : 1062
Request Date : Saturday, April 14th 2012 @ 01:17:57 PM
Error Date : Saturday, April 14th 2012 @ 01:17:57 PM
Script : http://www.russiancarclub.com/forum/...php?do=process
Referrer :
IP Address : 212.75.216.254
Username : Unregistered
Classname : vB_Database_MySQLi
MySQL Version :

Anyone ever seen this before? BTW, I read the recent article regarding a separate database error and ran the suspect files diagnostic per Lynn's recommendation. However I didn't see anything suspicious, just files that are a part of my add-ons. And that list consists of:

Article Forum
Attachment Gallery
Auto Database Backup
Change Posts Owner
Cinvin
GlowHost
LAM
MARCO1
Members who have visited
Picture and Album Gallery
Reply to All - PM
Skimlinks
Spiders Display
VB Pro Garage
vBa

Thanks!

Jerry

ForceHSS 04-15-2012 07:15 PM

admincp/Groups/Group Categories
check there for the error

kh99 04-15-2012 07:17 PM

Looks like that's caused by someone trying to exploit a security issue that's been fixed in later versions. One change that was made (I assume) to fix it is in packages/vbforum/search/socialgroupmessage.php, around line 511, the parts in red were added:

Code:

        protected $type_globals = array (
                'nocache'            => TYPE_UINT,
                'messagegroupid'    => TYPE_ARRAY_UINT,
                'categoryid'        => TYPE_ARRAY_UINT
        );


I can't guarantee that's the only change needed (or that there aren't other security issues with that version), so it's probably best to update to the latest version when you can.
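
Added example, not part of kh99's post and not vBulletin's own code: a stand-alone PHP sketch of why cleaning a request variable such as `categoryid` to an array of unsigned integers keeps text like that in the error report out of the `IN (...)` list. The helper names `clean_array_uint` and `build_category_query` and the request data are assumptions made for illustration.

```php
<?php
// Added illustration, not vBulletin source. clean_array_uint() and
// build_category_query() are hypothetical stand-ins for what declaring a
// request variable as an array of unsigned integers achieves.

/**
 * Coerce a request value to a list of unsigned integers.
 * Anything that is not an array becomes an empty list; every element is
 * cast with intval() and negative results are clamped to 0.
 */
function clean_array_uint($value): array
{
    if (!is_array($value)) {
        return [];
    }
    $clean = [];
    foreach ($value as $item) {
        // Nested arrays and objects cannot be cast meaningfully; treat as 0.
        $n = is_scalar($item) ? intval($item) : 0;
        $clean[] = max(0, $n);
    }
    return $clean;
}

/** Build the category lookup from the thread using only cleaned ids. */
function build_category_query(array $ids): ?string
{
    // Drop 0 (the result of rejected input) and duplicates.
    $ids = array_values(array_unique(array_filter($ids)));
    if ($ids === []) {
        return null; // nothing valid to look up, so run no query at all
    }
    return 'SELECT socialgroupcategory.title'
        . ' FROM socialgroupcategory AS socialgroupcategory'
        . ' WHERE socialgroupcategory.socialgroupcategoryid IN ('
        . implode(',', $ids) . ')';
}

// Constructed request data: one legitimate id, a shortened form of the
// string seen in the error report above, and a value with trailing junk.
$request = ['categoryid' => ['3', '-99) union select username from user -- /*', '7abc']];

$ids = clean_array_uint($request['categoryid']);
var_dump($ids);                         // every element is now an integer
echo build_category_query($ids), "\n";  // only digits and commas reach the IN list
```

Because every element is cast before the string is assembled, the closing parenthesis and the `union select` text never reach the database; the same idea applies to any other variable that ends up in an `IN (...)` list.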

av8or1 05-03-2012 04:30 PM

Yeah I need to upgrade, just no time to work on it considering the number of add-ons that I have installed and the (potential) need to update each one of them...

I'll get around to it. No repeat of this error since then, so hopefully all is well.

Thank you for the feedback!

