Welcome to Geeklog, Anonymous Monday, April 29 2024 @ 06:09 am EDT

Geeklog Forums

Webservices exploit

New Topic Post Reply

05/18/09 07:15am (Read 1,144 times)

Status: offline

LWC

Forum User

Full Member

Registered: 02/19/04

Posts: 818

Could Webservices exploit, that was fixed in Geeklog 1.5.2sr3, be related to this error.log errors I got in one of my sites in April:

Text Formatted Code
1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''' AND ((remoteservice is null) or (remoteservice = ''))' at line 1. SQL in question: SELECT status, passwd, email, uid FROM gl_users WHERE username=''' AND ((remoteservice is null) or (remoteservice = ''))

(and at the same second)

Text Formatted Code
1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/*' AND ((remoteservice is null) or (remoteservice = ''))' at line 1. SQL in question: SELECT status, passwd, email, uid FROM gl_users WHERE username='' AND 0 UNION SELECT 3,MD5('AAAA'),null,2 FROM gl_users LIMIT 1/*' AND ((remoteservice is null) or (remoteservice = ''))

4 3 Quote

05/18/09 07:33am

Status: offline

Dirk

Site Admin

Admin

Registered: 01/12/02

Posts: 13073

Location:Stuttgart, Germany

Yep, those look like (failed) attempts to exploit it.

bye, Dirk

3 4 Quote

New Topic Post Reply

All times are EDT. The time is now 06:09 am.

Normal Topic
Sticky Topic
Locked Topic

New Post
Sticky Topic W/ New Post
Locked Topic W/ New Post

View Anonymous Posts
Able to post
Filtered HTML Allowed
Censored Content

Geeklog Forums

Webservices exploit

LWC

Dirk

Search

Resources

About

Getting started

Support

Development

Topics

User Functions

What's New

Articles last 4 weeks

Comments last 4 weeks

Pages last 4 weeks

Links last 4 weeks

Downloads last 4 weeks