#1
12-19-2013, 06:44 AM
Disco_Dave
Join Date: May 2011
Location: Belfast
Posts: 586

Anyone know what this weird error is?

We haven't had any errors in a while, just seems strange.

PHP Code:
Database error in vBulletin 4.2.2:

Invalid SQL:
SELECT FROM vbuserregcode WHERE userregemail 'bell_o'reily9215@internetmarketerthemes.com';

MySQL Error   : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'reily9215@internetmarketerthemes.com'' at line 1
Error Number  : 1064
Request Date  : Wednesday, December 18th 2013 11:27:55 PM
Error Date    : Wednesday, December 18th 2013 11:27:57 PM
Script        : http://www.nirc.co.uk/forums/joiningthenirc.php
Referrer      : https://www.nirc.co.uk/forums/joiningthenirc.php?
IP Address    : 23.231.103.163
Username      : Unregistered
Classname     : vB_Database_MySQLi
MySQL Version :

#2
12-19-2013, 07:05 AM
billstelling
Join Date: Apr 2011
Posts: 246

'bell_o'reily9215@internetmarketerthemes.com'

That is causing the error code: the ' mark.
#3
12-19-2013, 07:08 AM
Disco_Dave
Join Date: May 2011
Location: Belfast
Posts: 586

Quote:
Originally Posted by billstelling
'bell_o'

That is causing the error code: the ' marks.
Any idea on how to fix this? Thanks for the reply.
#4
12-19-2013, 07:12 AM
billstelling
Join Date: Apr 2011
Posts: 246

Take the ' out of the email address. He will have to use another email to join NIRC.
Thanks from:
Disco_Dave

#5
12-19-2013, 05:37 PM
Lynne
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180

Or fix the query to accept the ' (use addslashes(htmlspecialchars_uni ? Sorry, it's been a while since I've done that.)
#6
12-19-2013, 09:25 PM
Zachery
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440

You're not sanitizing your inputs, that file is just ready to bust out some nearly nasty SQLi
Thanks from:
nhawk

#7
12-19-2013, 10:38 PM
vBNinja
Join Date: May 2011
Location: USA
Posts: 239

I highly recommend you get someone who knows how to securely handle queries to fix your code because, as it is, anyone can easily drop any table in your database.

If you're the one that coded it, simply pass your email variable through the $vbulletin->db->escape_string() function.
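The failing query from post #1 and the escape_string() fix from post #7, side by side. This is an added illustration, not the quarantined mod's code: it assumes the standard vBulletin 4 objects and helpers (`$vbulletin->input->clean_gpc()`, `$vbulletin->GPC`, `$vbulletin->db->escape_string()`, `$vbulletin->db->query_first()`, `TABLE_PREFIX`), and the table and column names are taken from the error output above.

```php
<?php
// Added example, not the mod's own code. Assumes the vBulletin 4 API
// ($vbulletin->input->clean_gpc, $vbulletin->db->escape_string,
// $vbulletin->db->query_first, TABLE_PREFIX). Table/column names come
// from the error in post #1 (TABLE_PREFIX "vb" + "userregcode").

// Vulnerable pattern: the raw form value is spliced into the SQL text.
// An apostrophe in the address (bell_o'reily...) closes the string
// literal early, which is exactly the MySQL error 1064 in the thread;
// the same splice lets other input change what the query does.
function lookup_regcode_vulnerable($vbulletin, $email)
{
    return $vbulletin->db->query_first("
        SELECT * FROM " . TABLE_PREFIX . "userregcode
        WHERE userregemail = '" . $email . "'
    ");
}

// Fixed pattern: escape_string() backslash-escapes quotes and other
// special characters, so the whole value stays inside the literal and
// an O'Reily address is looked up instead of breaking the statement.
function lookup_regcode_fixed($vbulletin, $email)
{
    $safe_email = $vbulletin->db->escape_string($email);
    return $vbulletin->db->query_first("
        SELECT * FROM " . TABLE_PREFIX . "userregcode
        WHERE userregemail = '" . $safe_email . "'
    ");
}

// Typical vB4 call site. clean_gpc() only casts the request value to a
// string; it does not make it SQL-safe, so escape_string() is still
// required at the point where the value enters the query.
$vbulletin->input->clean_gpc('r', 'userregemail', TYPE_STR);
$email = $vbulletin->GPC['userregemail'];

// Optional early rejection: anything that does not parse as an email
// address never reaches the database at all.
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    die('Invalid email address.');
}

$row = lookup_regcode_fixed($vbulletin, $email);
```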
#8
12-19-2013, 10:48 PM
ForceHSS
Join Date: Apr 2008
Posts: 6,357

The IP belongs to a spam bot, I see.
#9
12-19-2013, 10:57 PM
ozzy47
Join Date: Jul 2009
Location: USA
Posts: 10,929

If this code is vulnerable, then the mod needs to be graveyarded: https://vborg.vbsupport.ru/showthread.php?t=294164

--------------- Added 12-20-2013 at 02:13 AM ---------------

Which I see now it is: 'quarantined'.
Thanks from:
CAG CheechDogg

#10
12-20-2013, 01:16 AM
BirdOPrey5
Senior Member
Join Date: Jun 2008
Location: New York
Posts: 10,610

Yes, I have quarantined the mod and informed the author of a security issue. I recommend anyone with this mod installed disable it in Product Manager until an update is released.
Thanks from:
ozzy47
All times are GMT.