Deciphering Database Error Messages

Pigoo

Enthusiast
Joined
Aug 20, 2018
Messages
240
Occasionally I receive "Database Error" emails from my website. Can anyone please decipher what the database error messages below mean? If there isn't an exact answer (reason could be more than one specific thing)...educated guess's welcome. Thanks:)


Example Database Error #1:

Database error in vBulletin 4.2.5:

Invalid SQL:
SELECT compromised_pw FROM user WHERE username = 'User Name/**/and/**/cast(md5('1256506994')as/**/int)>0';

MySQL Error : You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '1256506994')as/**/int)>0'' at line 1
Error Number : 1064
Request Date : Tuesday, May 26th 2020 @ 05:12:11 PM
Error Date : Tuesday, May 26th 2020 @ 05:12:12 PM
Script :http://www.example.com/forums/login.php?do=login
Referrer :https://www.example.com/forums/
IP Address : 89.248.173.8
Username :
Classname : vB_Database_MySQLi
MySQL Version :
Server :
User Agent :


Example Database Error #2:

Database error in vBulletin 4.2.5:

Invalid SQL:
SELECT compromised_pw FROM user WHERE username = 'User Name'and/**/extractvalue(1,concat(char(126),md5(1917829620)))and'';

MySQL Error : XPATH syntax error: '~090ce1343bcdb341611888208837...'
Error Number : 1105
Request Date : Tuesday, May 26th 2020 @ 05:12:05 PM
Error Date : Tuesday, May 26th 2020 @ 05:12:05 PM
Script :http://www.example.com/forums/login.php?do=login
Referrer :https://www.example.com/forums/
IP Address : 89.248.173.8
Username :
Classname : vB_Database_MySQLi
MySQL Version :
Server :
User Agent :
 

MagicalAzareal

Magical Developer
Joined
Apr 25, 2019
Messages
758
It looks like someone is trying to hack into your site via SQL Injections.
 

vbgamer45

Adherent
Joined
Sep 22, 2005
Messages
282
I would advise update to newer software or different software asap that doesn't look safe errors like that shouldn't happen....
 

User37935

Neophyte
Joined
May 4, 2011
Messages
0
As ips_doug says I would be looking to see if that compromised_pw field is supposed to be there. It can't be a common error as Google doesn't seem to have any results for anyone else. Maybe some add-on related to user accounts, passwords or security put it there?

It might not be malicious but on the other hand it could be.
 

mysiteguy

Migration Expert
Joined
Feb 20, 2007
Messages
3,175
VB does not have a field called compromised_pw in the user table (or anywhere, for that matter). The only way this query could possibly run is:

1. If your site has had inserted PHP (perhaps through the plugin system) and it's running a query which is looking for that field.
Or
2. If there's a zero-day SQL insertion security issue in the wild for VB 4.x.

The IP address the fetch is coming from raises more red flags. It's a server in the Netherlands, not a human being, that's initiating the login page request.
 
Top