vb.org Archive - Anyone help with this '

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)

- - Anyone help with this ' (https://vborg.vbsupport.ru/showthread.php?t=314336)

Anyone help with this '

Hi Guys

Receiving database errors, when some registers with ' in the email address. Would anyone know how to fix this?

PHP Code:


		
			
Database error in vBulletin 4.2.2:



Invalid SQL:

SELECT * FROM vbuserregcode WHERE userregemail = 'wendy_o'reilly@inwebmail.com';



MySQL Error   : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'reilly@inwebmail.com'' at line 1

Error Number  : 1064

Request Date  : Monday, September 15th 2014 @ 04:56:37 PM

Error Date    : Monday, September 15th 2014 @ 04:56:38 PM

Script        : http://nirc.co.uk/joiningthenirc.php

Referrer      : http://nirc.co.uk/joiningthenirc.php

IP Address    : 69.12.84.199

Username      : Unregistered

Classname     : vB_Database_MySQLi

MySQL Version :

Dave

Which plugin are you using which alters the registration process? I think we have a SQL injection vulnerability here.

It's that one, that makes you register your email before you can sign up. Give me a sec and I'll find it.

this one? https://vborg.vbsupport.ru/showthread.php?t=294164

Go to your plugins in the admincp and look for the register_start hook of that plugin.

Find:

Code:

$emailalreadyused = $db->query_read("SELECT * FROM " . TABLE_PREFIX . "userregcode WHERE userregemail = '$email'");

Replace with:

Code:

$emailalreadyused = $db->query_read("SELECT * FROM " . TABLE_PREFIX . "userregcode WHERE userregemail = '" . $db->escape_string($email) . "'");

I'll give that a go now mate cheers :D

possibly you have an old version of this mod!! because I can't find the table vbuserregcode

I think you need to uninstall the mod and install the latest version of it.

I found similar issue someone else had here:

http://www.vbulletin.com/forum/forum...database-error

Quote:

Originally Posted by fxdigi-cash (Post 2515362)

I'm pretty sure vb is his table_prefix.

May be I'm reading it wrong....But is that line not already the same as you provided?

PHP Code:


		
			
$navbits = construct_navbits(array('' => 'Verify Email')); 
$navbar = render_navbar_template($navbits); 
            $vbulletin->input->clean_array_gpc('r', array( 
        'email' => TYPE_STR, 
        'emailconfirm' => TYPE_STR, 
        'emailconfirmationcode' => TYPE_STR, 
        'codehasbeenset' => TYPE_BOOL, 
        'so' => TYPE_BOOL, 
        'emailcode' => TYPE_STR, 
        'ihaveit' => TYPE_BOOL, 
        'reorder' => TYPE_BOOL, 
    'month' => TYPE_UINT, 
    'year'  => TYPE_UINT, 
    'day'   => TYPE_UINT, 
        COOKIE_PREFIX . 'notcoppa' =>  TYPE_STR 

    )); 

if($vbulletin->options['usecoppa']) 
{ 
$current['year'] = date('Y'); 
$current['month'] = date('m'); 
$current['day'] = date('d'); 



if(!isset($_COOKIE[COOKIE_PREFIX . 'notcoppa']) AND $vbulletin->GPC['month'] != 0 AND $vbulletin->GPC['day'] != 0 AND $vbulletin->GPC['year'] != 0 AND (mktime(0, 0, 0, $vbulletin->GPC['month'], $vbulletin->GPC['day'], $vbulletin->GPC['year']) <= mktime(0, 0, 0, $current['month'], $current['day'], $current['year'] - 13))) 
{ 
vbsetcookie('notcoppa', $vbulletin->GPC['month'] . '-' . $vbulletin->GPC['day'] . '-' . $vbulletin->GPC['year'], 1); 
} 

$coppaage = ($_COOKIE[COOKIE_PREFIX . 'coppaage']) ? $_COOKIE[COOKIE_PREFIX . 'coppaage'] : $_COOKIE[COOKIE_PREFIX . 'notcoppa'] ; 

if($coppaage) 
{ 
$dob = explode('-', $coppaage); 
$month = ( $dob[0] != 0) ? $dob[0] : -1; 
$day = ( $dob[1] != 0 ) ? $dob[1] : -1; 
$year = ( $dob[2] != 0 ) ? $dob[2] : -1; 
} 
} 
$so = (isset($vbulletin->GPC['so'])) ? $vbulletin->GPC['so'] : 0 ; 
$email = strtolower($vbulletin->GPC['email']); 
$emailcode= $vbulletin->GPC['emailcode'] ; 
$emailconfirm= $vbulletin->GPC['emailconfirm'] ; 
$emailconfirmationcode = $vbulletin->GPC['emailconfirmationcode']; 
$codehasbeenset = $vbulletin->GPC['codehasbeenset']; 
$reorder = $vbulletin->GPC['reorder']; 
$ihaveit = $vbulletin->GPC['ihaveit']; 

$show['reorder'] = false; 
$show['emailerrors'] = false; 

if(isset($email) AND $email != "" AND !empty($email)) 
{ 

    if(!simpleping($email)) 
    { 
        $show['emailerrors'] = true; 
        $errorlist .= "<li>".$vbphrase['pingerror']."</li>"; 
    } 

    $emailalreadyused = $db->query_read("SELECT * FROM " . TABLE_PREFIX . "userregcode WHERE userregemail = '$email'"); 

    if ($db->num_rows($emailalreadyused) ) 
    { 
        $show['emailerrors'] = true; 
        $show['reorder'] = true; 
        $errorlist .= "<li>".$vbphrase['emailalreadyusednotconfirmed']."</li>"; 
        $userfetched = $db->fetch_row($emailalreadyused); 
        if($userfetched[3] >= $vbulletin->options['email_verfication']) 
        { 
             eval(standard_error(fetch_error('thiswasusedmorethanenough'))); 
        } 
    } 

    $emailalreadyregisterd = $db->query_read("SELECT * FROM " . TABLE_PREFIX . "user WHERE email = '$email'"); 

    if ($db->num_rows($emailalreadyregisterd)) 
    { 
        $show['emailerrors'] = true; 
        $errorlist .= "<li>".$vbphrase['emailalreadyregisterd']."</li>"; 
    } 
} 

if( $so != 1 AND ( ($show['emailerrors'] AND $codehasbeenset != 0) OR ( !isset($email) OR $email == "" OR empty($email) ) ) AND !$reorder AND !$ihaveit )
{ 
    $codehasbeenset = 0;  
    $templater = vB_Template::create('reg_ver_start'); 
    $templater->register('header', $header); 
    $templater->register('navbar', $navbar);  
    $templater->register('email', $email);  
    $templater->register('emailconfirm', $emailconfirm);  
    $templater->register('headinclude', $headinclude);  
    $templater->register('footer', $footer);  
    $templater->register('errorlist', $errorlist); 
    $templater->register('reorder', $reorder); 
    $templater->register('ihaveit', $ihaveit); 
    $templater->register('codehasbeenset ', $codehasbeenset ); 
    $templater->register('jqueryurl', $jqueryurl); 
    $reg_ver_start = $templater->render();   
    vB_Template::preRegister('register', array('reg_ver_start' => $reg_ver_start)); 
    $vbulletin->templatecache['register'] = '$reg_ver_start';

Quote:

Originally Posted by fxdigi-cash (Post 2515362)

Yes I posted this on here some time ago also, I did remove the mod when vb.org pulled it because of my thread. I will try what you have suggested..

I downloaded the latest version, but it's not safe:
It has a check to see if it's a string, then there's a strtolower function around it. Then the variable is being used in the query without being sanitized.

You should change the following:

HTML Code:

$email = strtolower($vbulletin->GPC['email']);

HTML Code:

$email = $db->escape_string(strtolower($vbulletin->GPC['email']));

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (2)bbcode_code_printable (2)bbcode_html_printable (2)bbcode_php_printable (2)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

Phrase Groups Available:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01321 seconds Memory Usage 1,815KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (2)bbcode_code_printable (2)bbcode_html_printable (2)bbcode_php_printable (2)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: