Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 15 May 2007, 07:28
j0rd j0rd is offline
 
Join Date: May 2006
Potencial VBul MySQL injection?

I got this database error emailed to me today.

Database error in vBulletin 3.6.5:

Invalid SQL:

SELECT user.avatarid, user.avatarrevision, avatarpath, NOT ISNULL(customavatar.userid) AS hascustom, customavatar.dateline,
customavatar.width, customavatar.height
FROM user AS user
LEFT JOIN avatar AS avatar ON avatar.avatarid = user.avatarid
LEFT JOIN customavatar AS customavatar ON customavatar.userid = user.userid
WHERE user.userid = cc;

MySQL Error : Unknown column 'cc' in 'where clause'
Error Number : 1054
Date : Monday, May 14th 2007 @ 10:13:45 PM
Script : http://fnk.ca/board/private.php?s=&pp=&folderid=-1
Referrer : http://fnk.ca/board/private.php?s=&pp=&folderid=-1
IP Address : 74.98.103.xxx
Username : F*r*a*
Classname : vb_database
Tracked the code down. It's in this file: includes/functions_user.php

The code in question is:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Which i then changed to:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.


Not sure what code is calling it with the bad error, but i don't really care, the field should be scrubbed anyways before it's passed to the query.


Please comment

Last edited by j0rd; 15 May 2007 at 07:32.
Reply With Quote
  #2  
Old 15 May 2007, 18:43
Zero Tolerance's Avatar
Zero Tolerance Zero Tolerance is offline
 
Join Date: Feb 2004
Real name: Scot
Users have no way to change the $userid variable passed into the function (as far as I'm aware), the only real exploit really is if someone made an addon where users could, or forcefully tried to exploit that function.

But, for stock vBulletin, it's perfectly safe

- Zero Tolerance
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 05:18.

Layout Options | Width: Wide Color: