Thread: Add-On Releases - Post Edit History (PEH)
View Single Post
  #55  
Old 01-08-2007, 08:01 PM
Jackal von ?RF's Avatar
Jackal von ?RF Jackal von ?RF is offline
 
Join Date: May 2002
Posts: 6
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Code:
Database error in vBulletin 3.6.4:

Invalid SQL:
UPDATE vb_editlog SET reason = fda WHERE postid = 354660;

MySQL Error  : Unknown column 'fda' in 'field list'
Error Number : 1054
Date         : Monday, January 8th 2007 @ 11:59:09 PM
Script       : http://foorumit.fffin.com/edithistory.php?do=restore&editid=5
Referrer     : 
IP Address   : x.x.x.x
Username     : Jackal von ?RF
Classname    : vb_database
This has not yet been fixed in v1.2.2. Also, the value needs to be escaped. If only single quotes are added to the query, it will make the database vulnerable to SQL injection attack:
Code:
Database error in vBulletin 3.6.4:

Invalid SQL:
UPDATE vb_editlog SET reason = 'aa ' bee' WHERE postid = 354660;

MySQL Error  : You have an error in your SQL syntax.  Check the manual that corresponds to your MySQL server version for the right syntax to use near 'bee' WHERE postid = 354660' at line 1
Error Number : 1064
Date         : Tuesday, January 9th 2007 @ 12:03:10 AM
Script       : http://foorumit.fffin.com/edithistory.php?do=restore&editid=6
Referrer     : 
IP Address   : x.x.x.x
Username     : Jackal von ?RF
Classname    : vb_database
I also found that the rest of your the code is vulnerable to SQL injection attacks. You must ALWAYS escape EVERY parameter that is put to an SQL query:
Code:
Database error in vBulletin 3.6.4:

Invalid SQL:
INSERT INTO vb_editlog (postid, userid, username, dateline, reason) VALUES('354660', '468', 'Jackal von ?RF', '1168294059', 'a ' b');

MySQL Error  : You have an error in your SQL syntax.  Check the manual that corresponds to your MySQL server version for the right syntax to use near 'b')' at line 1
Error Number : 1064
Date         : Tuesday, January 9th 2007 @ 12:07:39 AM
Script       : http://foorumit.fffin.com/edithistory.php?do=restore&editid=12
Referrer     : 
IP Address   : x.x.x.x
Username     : Jackal von ?RF
Classname    : vb_database

I've attached a version of edithistory.php where the above security holes have been fixed.

All users of PEH 1.2.2 (and below) are STRONGLY RECOMMENDED to apply this patch, or disable PEH.


PS: I noticed that there are more detailed instructions for installing PEH at http://www.my-vb.org/board/showthread.php?t=236 (fortunately I can read German, I'm worried about everybody else ). Could you also make the English instructions more detailed? Also, please include the instructions as a text file to the ZIP file, so that it would not be necessary to read this thread for the instructions.
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01214 seconds
  • Memory Usage 1,769KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_code
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete