DavidGuetl
commented
7 years ago Also folgendes:
- Wie ich hier sehe, wurde der Fehler durch einen Gast herbei geführt.
- Die IP-Adresse findest du auch hier in der Fehlermeldung, sofort bannen!!
- Ich habe den Fehler ebenfalls versucht auf deiner Seite herbeizuführen (und ist auch gelungen).
- Bitte sende mir dringenst alle aktuellen Dateien der Figurendatenbank zur Behebung.
Kurz Gesagt, irgendjemand hat es auf dich zu 100% abgesehen. Hierbei handelt es sich um einen eindeutigen Hack-Versuch über eine SQL Injection.
Catzenjaeger
UnrealCatze
Query Error: SELECT fc.figure_cat_id, fc.figure_cat_name, COUNT(f.figure_id) AS figure_counter FROM fusion62825_figure_items AS f LEFT JOIN fusion62825_figure_cats AS fc ON fc.figure_cat_id=f.figure_cat WHERE f.figure_language='English' AND f.figure_series LIKE '%1%' AND f.figure_variant LIKE '%1%' AND f.figure_pubdate LIKE '%-1'%' AND f.figure_scale='1' AND f.figure_brand='1' AND f.figure_visibility = 0 AND f.figure_freigabe='1' GROUP BY fc.figure_cat_id ORDER BY fc.figure_cat_name ASC Stack Trace: #0 /var/www/vhosts/xxxxxxxxxxxxx.com/httpdocs/site/includes/classes/PHPFusion/Database/Driver/PDOMySQL.inc(63): PDO->prepare('????SELECT?????...') #1 /var/www/vhosts/xxxxxxxxxxx.com/httpdocs/site/includes/classes/PHPFusion/Database/AbstractDatabaseDriver.inc(300): PHPFusion\Database\Driver\PDOMySQL->_query('????SELECT?????...', Array) #2 /var/www/vhosts/xxxxxxxxxxxxx.com/httpdocs/site/includes/db_handlers/all_functions_include.php(112): PHPFusion\Database\AbstractDatabaseDriver->query('????SELECT?????...', Array) #3 /var/www/vhosts/xxxxxxxxxxxxxx.com/httpdocs/site/infusions/figurelib/includes/figures.class.php(172): dbquery('????SELECT?????...') #4 /var/www/vhosts/xxxxxxxxxxxx.com/httpdocs/site/infusions/figurelib/includes/figures.class.php(902): FigurelibFrontedList->displayCategoriesList() #5 /var/www/vhosts/xxxxxxxxxxxxxx.com/httpdocs/site/infusions/figurelib/figures.php(13): FigurelibFrontedList->displayFigurelib() #6 {main} Error Nature: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%' AND f.figure_scale='1' AND f.figure_brand='1' AND f.figure_vis' at line 11 Line: 71 File -- Database/Driver/PDOMySQL.inc On Page -- infusions/figurelib/figures.php?brand_id=1&scale_id=1&series=1&variant=1&pubdate=-1%27&p-submit-searchtext=go&filter-display=1 Generated by User-Level: 0 -- IP: 112.113.66.235 on December 16 2016 06:00:10 Mark As Source code (Line: 61 - 81) 61 public function _query($query, array $parameters = array()) { 62 try { 63 $result = $this->connection->prepare($query); 64 foreach ($parameters as $key => $parameter) { 65 $result->bindValue($key, $parameter, self::$paramTypeMap[self::getParameterType($parameter)]); 66 } 67 $result->execute(); 68
69 return $result; 70 } catch (PDOException $e) { 71 trigger_error("Query Error: ".$query."
Stack Trace: ".$e->getTraceAsString()."
Error Nature: ".$e->getMessage(), E_USER_NOTICE); 72 return FALSE; 73 } 74 } 75
76 /* 77 Count the number of rows in a table filtered by conditions 78 79 @param string $field Parenthesized field name 80 @param string $table Table name 81 @param string $conditions conditions after "where" 82