The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
||||
|
||||
Anyone help with this '
Hi Guys
Receiving database errors, when some registers with ' in the email address. Would anyone know how to fix this? PHP Code:
|
#2
|
|||
|
|||
Which plugin are you using which alters the registration process? I think we have a SQL injection vulnerability here.
|
#3
|
||||
|
||||
It's that one, that makes you register your email before you can sign up. Give me a sec and I'll find it.
this one? https://vborg.vbsupport.ru/showthread.php?t=294164 |
#4
|
|||
|
|||
Go to your plugins in the admincp and look for the register_start hook of that plugin.
Find: Code:
$emailalreadyused = $db->query_read("SELECT * FROM " . TABLE_PREFIX . "userregcode WHERE userregemail = '$email'"); Code:
$emailalreadyused = $db->query_read("SELECT * FROM " . TABLE_PREFIX . "userregcode WHERE userregemail = '" . $db->escape_string($email) . "'"); |
Благодарность от: | ||
Disco_Dave |
#5
|
||||
|
||||
I'll give that a go now mate cheers
|
#6
|
|||
|
|||
possibly you have an old version of this mod!! because I can't find the table vbuserregcode
I think you need to uninstall the mod and install the latest version of it. I found similar issue someone else had here: http://www.vbulletin.com/forum/forum...database-error |
#7
|
|||
|
|||
Quote:
|
#8
|
||||
|
||||
May be I'm reading it wrong....But is that line not already the same as you provided?
PHP Code:
|
#9
|
||||
|
||||
Quote:
Yes I posted this on here some time ago also, I did remove the mod when vb.org pulled it because of my thread. I will try what you have suggested.. |
#10
|
|||
|
|||
I downloaded the latest version, but it's not safe:
It has a check to see if it's a string, then there's a strtolower function around it. Then the variable is being used in the query without being sanitized. You should change the following: HTML Code:
$email = strtolower($vbulletin->GPC['email']); HTML Code:
$email = $db->escape_string(strtolower($vbulletin->GPC['email'])); |
Благодарность от: | ||
tbworld |
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|