  #1  
Old 16 Sep 2014, 13:13
Disco_Dave
Join Date: May 2011
Anyone help with this '

Hi Guys

Receiving database errors when someone registers with ' in the email address. Would anyone know how to fix this?


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Dave
__________________
www.nirc.co.uk
  #2  
Old 16 Sep 2014, 13:19
Dave
Join Date: Jun 2010
Real name: Dave
Which plugin are you using which alters the registration process? I think we have a SQL injection vulnerability here.
  #3  
Old 16 Sep 2014, 13:22
Disco_Dave
Join Date: May 2011
It's that one, that makes you register your email before you can sign up. Give me a sec and I'll find it.



this one? http://www.vbulletin.org/forum/showthread.php?t=294164
__________________
www.nirc.co.uk
  #4  
Old 16 Sep 2014, 13:41
Dave
Join Date: Jun 2010
Real name: Dave
Go to your plugins in the admincp and look for the register_start hook of that plugin.

Find:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Replace with:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

  #5  
Old 16 Sep 2014, 13:43
Disco_Dave
Join Date: May 2011
I'll give that a go now mate cheers
__________________
www.nirc.co.uk
  #6  
Old 16 Sep 2014, 13:52
fxdigi-cash
Join Date: Jul 2012
possibly you have an old version of this mod!! because I can't find the table vbuserregcode

I think you need to uninstall the mod and install the latest version of it.

I found similar issue someone else had here:

http://www.vbulletin.com/forum/forum...database-error
__________________
Shoot me a PM if I didn't reply in your post when you needed help. I can't remember things easily
  #7  
Old 16 Sep 2014, 13:58
Dave
Join Date: Jun 2010
Real name: Dave
Originally Posted by fxdigi-cash View Post
possibly you have an old version of this mod!! because I can't find the table vbuserregcode

I think you need to uninstall the mod and install the latest version of it.

I found similar issue someone else had here:

http://www.vbulletin.com/forum/forum...database-error
I'm pretty sure vb is his table_prefix.
  #8  
Old 16 Sep 2014, 13:58
Disco_Dave
Join Date: May 2011
Maybe I'm reading it wrong... But is that line not already the same as you provided?


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

__________________
www.nirc.co.uk
  #9  
Old 16 Sep 2014, 14:00
Disco_Dave
Join Date: May 2011
Originally Posted by fxdigi-cash View Post
possibly you have an old version of this mod!! because I can't find the table vbuserregcode

I think you need to uninstall the mod and install the latest version of it.

I found similar issue someone else had here:

http://www.vbulletin.com/forum/forum...database-error

Yes I posted this on here some time ago also, I did remove the mod when vb.org pulled it because of my thread. I will try what you have suggested..
__________________
www.nirc.co.uk
  #10  
Old 16 Sep 2014, 14:01
Dave
Join Date: Jun 2010
Real name: Dave
I downloaded the latest version, but it's not safe:
It has a check to see if it's a string, then there's a strtolower function around it. Then the variable is being used in the query without being sanitized.

You should change the following:


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

to


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Reply With Quote
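
The pattern described in post #10 (string check, strtolower(), then the value placed straight into the query), shown as an added example that is not the mod's code or anything posted in this thread. The column names, function names and sample address are hypothetical, and an in-memory SQLite database stands in for the forum's MySQL database.

```php
<?php
// Added illustration, not the plugin's code. Column and function names are
// hypothetical; SQLite in memory stands in for the forum's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE userregcode (email TEXT, regcode TEXT)');
$pdo->exec("INSERT INTO userregcode VALUES ('o''brien@example.com', 'abc123')");

// Pattern from post #10: type check, strtolower(), then straight into the
// SQL string. Neither step neutralises a quote character.
function lookup_unsafe(PDO $pdo, $email)
{
    if (!is_string($email)) {
        return null;
    }
    $email = strtolower($email);
    $sql = "SELECT regcode FROM userregcode WHERE email = '" . $email . "'";
    $code = $pdo->query($sql)->fetchColumn();
    return $code === false ? null : $code;
}

// Same lookup with a bound parameter: the value never becomes SQL text.
function lookup_safe(PDO $pdo, $email)
{
    if (!is_string($email)) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT regcode FROM userregcode WHERE email = ?');
    $stmt->execute([strtolower($email)]);
    $code = $stmt->fetchColumn();
    return $code === false ? null : $code;
}

// Constructed sample: a valid address that contains an apostrophe.
$email = "O'Brien@example.com";

try {
    lookup_unsafe($pdo, $email);
    echo "unsafe: no error\n";
} catch (PDOException $e) {
    // The apostrophe closed the string literal early; the rest was parsed as SQL.
    echo "unsafe: database error\n";
}

echo 'safe: ', var_export(lookup_safe($pdo, $email), true), "\n";
```

Inside a vBulletin plugin the usual equivalent of the bound parameter is to pass the value through `$vbulletin->db->escape_string()` before it goes into the query string.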
  #11  
Old 16 Sep 2014, 14:03
fxdigi-cash
Join Date: Jul 2012
Originally Posted by Dave View Post
I'm pretty sure vb is his table_prefix.
yah, you are right. didn't notice that...

I guess it is an issue with the mod itself then...

possibly it's the same issue as this thread: http://stackoverflow.com/questions/1...l-query-in-php

it is escaping the apostrophes in mysql ... not sure though...
__________________
Shoot me a PM if I didn't reply in your post when you needed help. I can't remember things easily
  #12  
Old 16 Sep 2014, 14:09
Disco_Dave
Join Date: May 2011
I've uninstalled this mod, is it better to not install this mod again?

Thanks for your help on this one guys
__________________
www.nirc.co.uk
  #13  
Old 16 Sep 2014, 14:19
Dave
Join Date: Jun 2010
Real name: Dave
Not until this vulnerability is fixed. I reported the mod so the creator can fix it.
  #14  
Old 16 Sep 2014, 14:20
Disco_Dave
Join Date: May 2011
Originally Posted by Dave View Post
Not until this vulnerability is fixed. I reported the mod so the creator can fix it.
Cheers Dave, you've been a great help
__________________
www.nirc.co.uk