The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Mysterious database error
Hi-
I am running vB 4.1.3 and have been for a year now. I have never encountered any type of database error, but recently I received - via email - the following: Database error in vBulletin 4.1.3: Invalid SQL: SELECT socialgroupcategory.title FROM socialgroupcategory AS socialgroupcategory WHERE socialgroupcategory.socialgroupcategoryid IN (-99) union select username from user where userid=6 and row(1,1)>(select count(*),concat( (select user.username) ,0x3a,floor(rand(0)*2)) x from (select 1 union select 2 union select 3)a group by x limit 1) -- /*); MySQL Error : Duplicate entry 'lehlom:1' for key 'group_key' Error Number : 1062 Request Date : Saturday, April 14th 2012 @ 01:17:57 PM Error Date : Saturday, April 14th 2012 @ 01:17:57 PM Script : http://www.russiancarclub.com/forum/...php?do=process Referrer : IP Address : 212.75.216.254 Username : Unregistered Classname : vB_Database_MySQLi MySQL Version : Anyone ever seen this before? BTW, I read the recent article regarding a separate database error and ran the suspect files diagnostic per Lynn's recommendation. However I didn't see anything suspicious, just files that are a part of my add-ons. And that list consists of: Article Forum Attachment Gallery Auto Database Backup Change Posts Owner Cinvin GlowHost LAM MARCO1 Members who have visited Picture and Album Gallery Reply to All - PM Skimlinks Spiders Display VB Pro Garage vBa Thanks! Jerry |
#2
|
|||
|
|||
admincp/Groups/Group Categories
check there for the error |
#3
|
|||
|
|||
Looks like that's caused by someone trying to exploit a security issue that's been fixed in later versions. One change that was made (I assume) to fix it is in packages/vbforum/search/socialgroupmessage.php, around line 511, the parts in red were added:
Code:
protected $type_globals = array ( 'nocache' => TYPE_UINT, 'messagegroupid' => TYPE_ARRAY_UINT, 'categoryid' => TYPE_ARRAY_UINT ); I can't guarantee that's the only change needed (or that there aren't other security issues with that version), so it's probably best to update to the latest version when you can. |
#4
|
|||
|
|||
Yeah I need to upgrade, just no time to work on it considering the number of add-ons that I have installed and the (potential) need to update each one of them...
I'll get around to it. No repeat of this error since then, so hopefully all is well. Thank you for the feedback! |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|