Deciphering Database Error Messages

Pigoo · May 26, 2020

Occasionally I receive "Database Error" emails from my website. Can anyone please decipher what the database error messages below mean? If there isn't an exact answer (reason could be more than one specific thing)...educated guess's welcome. Thanks

Example Database Error #1:

Database error in vBulletin 4.2.5:

Invalid SQL:
SELECT compromised_pw FROM user WHERE username = 'User Name/**/and/**/cast(md5('1256506994')as/**/int)>0';

MySQL Error : You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '1256506994')as/**/int)>0'' at line 1
Error Number : 1064
Request Date : Tuesday, May 26th 2020 @ 05:12:11 PM
Error Date : Tuesday, May 26th 2020 @ 05:12:12 PM
Script :http://www.example.com/forums/login.php?do=login
Referrer :https://www.example.com/forums/
IP Address : 89.248.173.8
Username :
Classname : vB_Database_MySQLi
MySQL Version :
Server :
User Agent :

Example Database Error #2:

Database error in vBulletin 4.2.5:

Invalid SQL:
SELECT compromised_pw FROM user WHERE username = 'User Name'and/**/extractvalue(1,concat(char(126),md5(1917829620)))and'';

MySQL Error : XPATH syntax error: '~090ce1343bcdb341611888208837...'
Error Number : 1105
Request Date : Tuesday, May 26th 2020 @ 05:12:05 PM
Error Date : Tuesday, May 26th 2020 @ 05:12:05 PM
Script :http://www.example.com/forums/login.php?do=login
Referrer :https://www.example.com/forums/
IP Address : 89.248.173.8
Username :
Classname : vB_Database_MySQLi
MySQL Version :
Server :
User Agent :

MagicalAzareal · May 26, 2020

It looks like someone is trying to hack into your site via SQL Injections.

vbgamer45 · May 27, 2020

I would advise update to newer software or different software asap that doesn't look safe errors like that shouldn't happen....

Doug Heffernan · May 27, 2020

What software are you using for your website?

we_are_borg · May 27, 2020

ips_doug said:
What software are you using for your website?

its in the error message he posted vBulletin 4.2.5

Doug Heffernan · May 27, 2020

we_are_borg said:
its in the error message he posted vBulletin 4.2.5

Thanks, I missed that.

Pigoo, does vb has a field called compromised_pw in the user table by default, or is it something that has been added by a custom mod?

User37935 · May 27, 2020

As ips_doug says I would be looking to see if that compromised_pw field is supposed to be there. It can't be a common error as Google doesn't seem to have any results for anyone else. Maybe some add-on related to user accounts, passwords or security put it there?

It might not be malicious but on the other hand it could be.

mysiteguy · May 27, 2020

VB does not have a field called compromised_pw in the user table (or anywhere, for that matter). The only way this query could possibly run is:

1. If your site has had inserted PHP (perhaps through the plugin system) and it's running a query which is looking for that field.
Or
2. If there's a zero-day SQL insertion security issue in the wild for VB 4.x.

The IP address the fetch is coming from raises more red flags. It's a server in the Netherlands, not a human being, that's initiating the login page request.

Deciphering Database Error Messages

Pigoo

Enthusiast

MagicalAzareal

Magical Developer

vbgamer45

Adherent

Doug Heffernan

Enthusiast

we_are_borg

Administrator

Doug Heffernan

Enthusiast

User37935

Neophyte

mysiteguy

Migration Expert