vb.org Archive


Tipmoose 08-17-2017 01:20 AM

Help with post sanitation causing 500 error
 
I'm trying to understand how input sanitation is supposed to work with vBulletin 4.2.4. What I am seeing is that currently, whenever someone posts a message to my forum that contains specific reserved SQL keywords (e.g. select, drop, etc.), when they preview the post or attempt to actually post it, they will get an internal error 500. This happens with innocuous strings like "I selected the apple from the tree" or "I dropped the table on my foot". Remove the 'select', 'from', 'drop' or 'table' and the message posts fine.

Dave 08-17-2017 01:25 AM

By default, vBulletin does not have that kind of firewall in place. It's probably something like ModSecurity in Apache or another kind of WAF that's doing this.

Stingray27 08-17-2017 04:37 AM

See the answer on vbulletin.com.

Cross-posting across both sites isn't helpful.

Tipmoose 08-17-2017 08:48 AM

Quote:

Originally Posted by Stingray27 (Post 2589406)
See the answer on vbulletin.com.

Cross-posting across both sites isn't helpful.


Sorry. Didn't mean to be unhelpful. To be honest, I didn't expect vbulletin.com to be very responsive since there were several threads on there with no replies and the traffic seemed low. My mistake. Won't do it again.


Steve

--------------- Added 08-18-2017 at 03:12 AM ---------------

The problem was indeed ModSecurity. In particular SecRule 300015. Adding an entry to /usr/local/apache/conf/modsec2/whitelist.conf to disable that rule for certain php scripts fixed the problem.

See: https://www.mkyong.com/blog/mod_secu...-in-wordpress/
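
One way to find which scripts a rule is actually blocking, so the whitelist entry stays scoped to them (an added example, not code from the thread): it parses constructed Apache error-log lines in ModSecurity 2.x's denial layout and renders a per-script `SecRuleRemoveById` block. The script names, host, client addresses, pattern text and the second rule id 999999 are assumptions made up for the sample.

```python
import re
from collections import defaultdict

# Constructed error-log lines; host, client, pattern and file are placeholders.
SAMPLE_LOG = r'''
[Thu Aug 17 01:18:02 2017] [error] [client 203.0.113.5] ModSecurity: Access denied with code 500 (phase 2). Pattern match "PLACEHOLDER" at ARGS:message. [file "/placeholder/rules.conf"] [line "1"] [id "300015"] [msg "placeholder"] [hostname "forum.example"] [uri "/newreply.php"] [unique_id "A1"]
[Thu Aug 17 01:19:40 2017] [error] [client 203.0.113.5] ModSecurity: Access denied with code 500 (phase 2). Pattern match "PLACEHOLDER" at ARGS:message. [file "/placeholder/rules.conf"] [line "1"] [id "300015"] [msg "placeholder"] [hostname "forum.example"] [uri "/newthread.php"] [unique_id "A2"]
[Thu Aug 17 01:21:07 2017] [error] [client 203.0.113.9] ModSecurity: Access denied with code 500 (phase 2). Pattern match "PLACEHOLDER" at ARGS:message. [file "/placeholder/rules.conf"] [line "1"] [id "300015"] [msg "placeholder"] [hostname "forum.example"] [uri "/editpost.php"] [unique_id "A3"]
[Thu Aug 17 01:22:30 2017] [error] [client 203.0.113.9] ModSecurity: Access denied with code 403 (phase 2). Pattern match "PLACEHOLDER" at REQUEST_HEADERS:User-Agent. [file "/placeholder/rules.conf"] [line "2"] [id "999999"] [msg "placeholder"] [hostname "forum.example"] [uri "/search.php"] [unique_id "A4"]
[Thu Aug 17 01:23:00 2017] [error] [client 203.0.113.9] File does not exist: /placeholder/favicon.ico
'''

# "Access denied with code N ... at VARIABLE." gives the status and matched target.
DENIED = re.compile(r'ModSecurity: Access denied with code (\d+).*? at ([A-Z_]+(?::[^\s.]+)?)\.')
# Trailing metadata such as [id "300015"] and [uri "/newreply.php"].
TAG = re.compile(r'\[(\w+) "([^"]*)"\]')


def parse_denials(log_text):
    """Yield (rule_id, uri, target, status) for each ModSecurity denial line."""
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if not m:
            continue  # not a ModSecurity denial (e.g. a plain 404 entry)
        tags = dict(TAG.findall(line))
        if "id" in tags and "uri" in tags:
            yield tags["id"], tags["uri"], m.group(2), int(m.group(1))


def scripts_by_rule(log_text, status=500):
    """Map rule id -> uri -> set of matched targets, for one response status."""
    hits = defaultdict(lambda: defaultdict(set))
    for rule_id, uri, target, code in parse_denials(log_text):
        if code == status:
            hits[rule_id][uri].add(target)
    return hits


def whitelist_snippet(rule_id, uris):
    """Render a per-script exclusion rather than disabling the rule server-wide."""
    alternation = "|".join(re.escape(u) for u in sorted(uris))
    return (f'<LocationMatch "^(?:{alternation})$">\n'
            f'    SecRuleRemoveById {rule_id}\n'
            f'</LocationMatch>')


if __name__ == "__main__":
    found = scripts_by_rule(SAMPLE_LOG)
    print(whitelist_snippet("300015", found["300015"]))
```

Every request to the listed scripts then bypasses that rule entirely, so keep the list to the endpoints where users legitimately submit free text.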

