vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=252)
-   -   Anyone know what this weird error is? (https://vborg.vbsupport.ru/showthread.php?t=306047)

Disco_Dave 12-19-2013 06:44 AM

Anyone know what this weird error is?
 
We haven't had any errors in awhile, just seems strange.

PHP Code:

Database error in vBulletin 4.2.2:

Invalid SQL:
SELECT FROM vbuserregcode WHERE userregemail 'bell_o'reily9215@internetmarketerthemes.com';

MySQL Error   : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'reily9215@internetmarketerthemes.com'' at line 1
Error Number  : 1064
Request Date  : Wednesday, December 18th 2013 11:27:55 PM
Error Date    : Wednesday, December 18th 2013 11:27:57 PM
Script        : http://www.nirc.co.uk/forums/joiningthenirc.php
Referrer      : https://www.nirc.co.uk/forums/joiningthenirc.php?
IP Address    : 23.231.103.163
Username      : Unregistered
Classname     : vB_Database_MySQLi
MySQL Version :


billstelling 12-19-2013 07:05 AM

'bell_o'reily9215@internetmarketerthemes.com'

That is causing the error code: the ' mark.

Disco_Dave 12-19-2013 07:08 AM

Quote:

Originally Posted by billstelling (Post 2469382)
'bell_o'

that is causing the error code. the ' marks

Any idea on how to fix this? Thanks for the reply.

billstelling 12-19-2013 07:12 AM

Take the ' out of the email address. He will have to use another email to join NIRC.

Lynne 12-19-2013 05:37 PM

Or fix the query to accept the ' (use addslashes(htmlspecialchars_uni ? Sorry, it's been a while since I've done that.)

Zachery 12-19-2013 09:25 PM

You're not sanitizing your inputs, that file is just ready to bust out some nearly nasty SQLi

vBNinja 12-19-2013 10:38 PM

I highly recommend you get someone who knows how to securely handle queries to fix your code because as it is, anyone can easily drop any table in your database.

If you're the one that coded it, simply pass your email variable through the $vbulletin->db->escape_string() function.
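
The vulnerable shape the error dump implies, next to the fix vBNinja describes, as an added example that is not the quarantined mod's code. It assumes the normal vB4 bootstrap (global.php included, $vbulletin available), uses the table and column names from the dump, and assumes the `*` and `=` that did not survive in the pasted query; the function names are invented for the example.

```php
<?php
// Added example, not the mod's own code. Assumes global.php has been included so
// $vbulletin exists, and that the query looked up vbuserregcode by userregemail
// as the error dump shows.

// --- Vulnerable shape (what the dump implies) ---
// An address such as bell_o'reily9215@... carries a ' that closes the string
// literal early, so the rest of the address is parsed as SQL and MySQL answers
// with error 1064. A visitor who chooses the text after the quote deliberately
// gets to run SQL of their own instead of causing a syntax error.
function lookup_regcode_unsafe($vbulletin, $email)
{
    return $vbulletin->db->query_first("
        SELECT * FROM vbuserregcode
        WHERE userregemail = '$email'
    ");
}

// --- Hardened shape ---
function lookup_regcode_safe($vbulletin, $email)
{
    // Reject anything that is not even shaped like an address before it goes
    // near the database. is_valid_email() is vBulletin's helper from
    // includes/functions.php.
    if (!is_valid_email($email)) {
        return false;
    }

    // escape_string() wraps mysqli_real_escape_string() for the live connection,
    // so O'Reily arrives as O\'Reily and the quotes stay balanced. Escaping is
    // only meaningful inside a quoted literal, which is how it is used here.
    $escaped = $vbulletin->db->escape_string($email);

    return $vbulletin->db->query_first("
        SELECT * FROM vbuserregcode
        WHERE userregemail = '$escaped'
    ");
}

// Read the value through the input cleaner rather than $_POST directly; TYPE_STR
// guarantees a trimmed string and never an array.
$vbulletin->input->clean_array_gpc('p', array(
    'email' => TYPE_STR,
));

$row = lookup_regcode_safe($vbulletin, $vbulletin->GPC['email']);
```

If the board runs with a table prefix, the table name should be written as `" . TABLE_PREFIX . "vbuserregcode` in the same way core vBulletin queries do. The syntax error in the dump is the harmless symptom; the same unescaped path accepts a crafted value that changes the query, which is why the mod was pulled.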

ForceHSS 12-19-2013 10:48 PM

The ip belongs to a spam bot i see

ozzy47 12-19-2013 10:57 PM

If this code is vulnerable, then the mod needs to be graveyarded, https://vborg.vbsupport.ru/showthread.php?t=294164

--------------- Added 12-20-2013 02:13 AM ---------------

Which I see it now is, 'quarantined'

BirdOPrey5 12-20-2013 01:16 AM

Yes I have quarantined the mod and informed the author of a security issue. I recommend anyone with this mod installed, disable it in product manager until an update is released.


All times are GMT.