Hacking attempt...

Started by Awilum, October 11, 2010, 10:52:48 AM

Awilum

I get the message "Hacking attempt..." on this query:

$db_result = $smcFunc['db_query']('',"SELECT DISTINCT *,(select GROUP_CONCAT(`tag_name`) as `tag_name` from {db_prefix}snippets_tags where {db_prefix}snippets_tags.snippet_id = {db_prefix}snippets.id) as tag_name
FROM {db_prefix}snippets
LEFT JOIN {db_prefix}snippets_syntax ON {db_prefix}snippets.syntax_id={db_prefix}snippets_syntax.id");


Why?
Web Development Art - Programming :: Design :: SEO
| My web projects |

Awilum

And why, if I do print_r($context['all_snippets']);

I don't see only data, and the query too


Array (
[0] => Array ( [id] => 1 [subject] => Eigenes Dashboard Widget In Wordpress [syntax_id] => 1 [author_id] => 1 [content] => $mysql = mysql_connect($db_hostname,$db_username,$db_password); mysql_select_db($db_database); mysql_query ("SET NAMES {$db_char_set}"); mysql_query ("set character_set_client='{$db_char_set}'"); mysql_query ("set character_set_results='{$db_char_set}'"); mysql_query ("set collation_connection='{$db_dbcollat}'"); [date] => 1286805969 [tag_name] => code [snippet_id] => 1 [GROUP_CONCAT(t.tag_name SEPARATOR ',')] => code,site,bug,xdebug )
[1] => Array ( [id] => 3 [subject] => Image Resizer (Thumbnail Generator) [syntax_id] => 1 [author_id] => 1 [content] => function snippets_main() {    $context; get_all_snippets(); loadTemplate('snippets'); } [date] => 1286805997 [tag_name] => var [snippet_id] => 2 [GROUP_CONCAT(t.tag_name SEPARATOR ',')] => var )
[2] => Array ( [id] => [subject] => Calculate Distance [syntax_id] => 1 [author_id] => 1 [content] => $context['articles_cat'] = array(); while ($row = $smcFunc['db_fetch_assoc']($db_result)) { $context['all_snippets'][] = $row; } $smcFunc['db_free_result']($dbresult);    [date] => 1286806008 [tag_name] => [snippet_id] => [GROUP_CONCAT(t.tag_name SEPARATOR ',')] => )
)



Awilum

SMF is strange.
I just wrote

$result = mysql_query("SELECT *, GROUP_CONCAT(t.tag_name SEPARATOR ',') FROM smf_snippets AS p LEFT JOIN smf_snippets_tags as t ON p.id = t.snippet_id GROUP BY 1");
if (!$result) { die('Invalid query: ' . mysql_error()); }
while ($row = mysql_fetch_assoc($result)) {
    $f = $row;
}

print_r($f);

and I have

Array ( [id] => [subject] => Calculate Distance [syntax_id] => 1 [author_id] => 1 [content] => $context['articles_cat'] = array(); while ($row = $smcFunc['db_fetch_assoc']($db_result)) { $context['all_snippets'][] = $row; }    $smcFunc['db_free_result']($dbresult);    [date] => 1286806008 [tag_name] => [snippet_id] => [GROUP_CONCAT(t.tag_name SEPARATOR ',')] => )

******.... what is that? Why?


KensonPlays

Please do not triple post. Edit previous posts.

"Hacking Attempt..." might be file permission errors, syntax errors, or someone IS trying to hack your site.

Also, what SMF version?

Owner of Mesozoic Haven

vbgamer45

SMF does not allow subqueries by default unless you disable query check security.
For example, add this line before you call your query:

$modSettings['disableQueryCheck'] = 1;


Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Yung Roger

What I have found is that subqueries are not allowed..
I have tried, but the error is the same..
Are they allowed..??

Awilum

>also, What SMF version?

SMF 2.0 RC3

vbgamer45

I posted two posts on how to get around query restrictions. SMF restricts certain MySQL functions that are not used in SMF's code base to help prevent SQL injection.
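Added example (not part of any post in this thread, and not SMF's own code): since the query check exists to help prevent SQL injection, one way to apply the workaround above is to switch it off for a single static query only and restore it straight afterwards. It assumes SMF 2.0 is already loaded and that the snippets tables and columns are the ones shown in the question; snippets_load_all() and its $syntax_id filter are hypothetical.

```php
<?php
// Added example. Assumes it runs inside SMF 2.0 (index.php or SSI.php loaded),
// so $smcFunc and $modSettings exist. snippets_load_all() is a hypothetical name.
function snippets_load_all($syntax_id = 0)
{
	global $smcFunc, $modSettings, $context;

	// Remember the current state so the check is restored, not blindly re-enabled.
	$old_check = !empty($modSettings['disableQueryCheck']);
	$modSettings['disableQueryCheck'] = true;

	// The query text is a fixed literal. The only variable part goes through a
	// typed placeholder ({int:...}), never through string concatenation.
	// Columns are listed explicitly so that same-named columns from other
	// tables cannot overwrite s.id in the fetched row.
	$request = $smcFunc['db_query']('', '
		SELECT s.id, s.subject, s.syntax_id, s.author_id, s.content, s.date,
			(
				SELECT GROUP_CONCAT(t.tag_name)
				FROM {db_prefix}snippets_tags AS t
				WHERE t.snippet_id = s.id
			) AS tag_names
		FROM {db_prefix}snippets AS s
		WHERE {int:syntax_id} = 0 OR s.syntax_id = {int:syntax_id}',
		array(
			'syntax_id' => (int) $syntax_id,
		)
	);

	// Put the check back before any other query runs in this request.
	$modSettings['disableQueryCheck'] = $old_check;

	$context['all_snippets'] = array();
	while ($row = $smcFunc['db_fetch_assoc']($request))
		$context['all_snippets'][] = $row;
	$smcFunc['db_free_result']($request);

	return $context['all_snippets'];
}
```

Leaving $modSettings['disableQueryCheck'] set for the rest of the request removes the check from every later query as well, including ones that do take user input.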
