Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 04-15-2012, 05:40 PM
av8or1 av8or1 is offline
 
Join Date: Mar 2011
Posts: 58
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Mysterious database error

Hi-

I am running vB 4.1.3 and have been for a year now. I have never encountered any type of database error, but recently I received - via email - the following:

Database error in vBulletin 4.1.3:

Invalid SQL:

SELECT socialgroupcategory.title
FROM socialgroupcategory AS socialgroupcategory
WHERE socialgroupcategory.socialgroupcategoryid IN (-99) union select username from user where userid=6 and row(1,1)>(select count(*),concat( (select user.username) ,0x3a,floor(rand(0)*2)) x from (select 1 union select 2 union select 3)a group by x limit 1) -- /*);

MySQL Error : Duplicate entry 'lehlom:1' for key 'group_key'
Error Number : 1062
Request Date : Saturday, April 14th 2012 @ 01:17:57 PM
Error Date : Saturday, April 14th 2012 @ 01:17:57 PM
Script : http://www.russiancarclub.com/forum/...php?do=process
Referrer :
IP Address : 212.75.216.254
Username : Unregistered
Classname : vB_Database_MySQLi
MySQL Version :

Anyone ever seen this before? BTW, I read the recent article regarding a separate database error and ran the suspect files diagnostic per Lynn's recommendation. However I didn't see anything suspicious, just files that are a part of my add-ons. And that list consists of:

Article Forum
Attachment Gallery
Auto Database Backup
Change Posts Owner
Cinvin
GlowHost
LAM
MARCO1
Members who have visited
Picture and Album Gallery
Reply to All - PM
Skimlinks
Spiders Display
VB Pro Garage
vBa

Thanks!

Jerry
Reply With Quote
  #2  
Old 04-15-2012, 07:15 PM
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Posts: 6,357
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

admincp/Groups/Group Categories
check there for the error
Reply With Quote
  #3  
Old 04-15-2012, 07:17 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Looks like that's caused by someone trying to exploit a security issue that's been fixed in later versions. One change that was made (I assume) to fix it is in packages/vbforum/search/socialgroupmessage.php, around line 511, the parts in red were added:

Code:
	protected $type_globals = array (
		'nocache'            => TYPE_UINT,
		'messagegroupid'     => TYPE_ARRAY_UINT,
		'categoryid'         => TYPE_ARRAY_UINT
	);

I can't guarantee that's the only change needed (or that there aren't other security issues with that version), so it's probably best to update to the latest version when you can.
Reply With Quote
  #4  
Old 05-03-2012, 04:30 PM
av8or1 av8or1 is offline
 
Join Date: Mar 2011
Posts: 58
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Yeah I need to upgrade, just no time to work on it considering the number of add-ons that I have installed and the (potential) need to update each one of them...

I'll get around to it. No repeat of this error since then, so hopefully all is well.

Thank you for the feedback!
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:35 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06639 seconds
  • Memory Usage 2,189KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (4)post_thanks_box
  • (4)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (4)post_thanks_postbit_info
  • (4)postbit
  • (4)postbit_onlinestatus
  • (4)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete