Deciphering Database Error Messages

Pigoo

Adherent
Joined
Aug 20, 2018
Messages
250
Occasionally I receive "Database Error" emails from my website. Can anyone please decipher what the database error messages below mean? If there isn't an exact answer (reason could be more than one specific thing)...educated guesses welcome. Thanks :)


Example Database Error #1:

Database error in vBulletin 4.2.5:

Invalid SQL:
SELECT compromised_pw FROM user WHERE username = 'User Name/**/and/**/cast(md5('1256506994')as/**/int)>0';

MySQL Error : You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '1256506994')as/**/int)>0'' at line 1
Error Number : 1064
Request Date : Tuesday, May 26th 2020 @ 05:12:11 PM
Error Date : Tuesday, May 26th 2020 @ 05:12:12 PM
Script :http://www.example.com/forums/login.php?do=login
Referrer :https://www.example.com/forums/
IP Address : 89.248.173.8
Username :
Classname : vB_Database_MySQLi
MySQL Version :
Server :
User Agent :


Example Database Error #2:

Database error in vBulletin 4.2.5:

Invalid SQL:
SELECT compromised_pw FROM user WHERE username = 'User Name'and/**/extractvalue(1,concat(char(126),md5(1917829620)))and'';

MySQL Error : XPATH syntax error: '~090ce1343bcdb341611888208837...'
Error Number : 1105
Request Date : Tuesday, May 26th 2020 @ 05:12:05 PM
Error Date : Tuesday, May 26th 2020 @ 05:12:05 PM
Script :http://www.example.com/forums/login.php?do=login
Referrer :https://www.example.com/forums/
IP Address : 89.248.173.8
Username :
Classname : vB_Database_MySQLi
MySQL Version :
Server :
User Agent :
 

MagicalAzareal

Magical Developer
Joined
Apr 25, 2019
Messages
758
It looks like someone is trying to hack into your site via SQL Injections.
 

vbgamer45

Adherent
Joined
Sep 22, 2005
Messages
333
I would advise updating to newer software or different software ASAP. That doesn't look safe; errors like that shouldn't happen....
 

User37935

Neophyte
Joined
May 4, 2011
Messages
0
As ips_doug says I would be looking to see if that compromised_pw field is supposed to be there. It can't be a common error as Google doesn't seem to have any results for anyone else. Maybe some add-on related to user accounts, passwords or security put it there?

It might not be malicious but on the other hand it could be.
 

mysiteguy

Fanatic
Joined
Feb 20, 2007
Messages
3,619
VB does not have a field called compromised_pw in the user table (or anywhere, for that matter). The only way this query could possibly run is:

1. If your site has had inserted PHP (perhaps through the plugin system) and it's running a query which is looking for that field.
Or
2. If there's a zero-day SQL insertion security issue in the wild for VB 4.x.

The IP address the fetch is coming from raises more red flags. It's a server in the Netherlands, not a human being, that's initiating the login page request.
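
Added example, not part of any post in this thread: a small Python triage script for these error e-mails. It separates a probe that only broke the statement (error 1064) from one whose injected expression the database actually evaluated (error 1105, where the XPATH error echoes the computed value). The function name, the marker list and the benign sample are assumptions made for illustration.

```python
import re

# Markers limited to what the two quoted e-mails show inside the username literal.
MARKERS = {
    "comment-as-whitespace": re.compile(r"/\*\*/"),
    "extractvalue": re.compile(r"\bextractvalue\s*\(", re.I),
    "md5-marker": re.compile(r"\bmd5\s*\(", re.I),
    "cast": re.compile(r"\bcast\s*\(", re.I),
}
FIELD = re.compile(r"^(MySQL Error|Error Number|IP Address)[ \t]*:[ \t]*(.*)$", re.M)
SQL = re.compile(r"Invalid SQL:[ \t]*\n(.+)")

def triage(report):
    # Classify one vBulletin database-error e-mail body (hypothetical helper).
    f = dict(FIELD.findall(report))
    m = SQL.search(report)
    sql = m.group(1).strip() if m else ""
    hits = [name for name, rx in MARKERS.items() if rx.search(sql)]
    err, num = f.get("MySQL Error", ""), f.get("Error Number", "").strip()
    verdict = "injection marker present" if hits else "no injection marker"
    if hits and num == "1105" and "XPATH syntax error" in err:
        verdict = "injected expression evaluated by the database"
    elif hits and num == "1064":
        verdict = "input reached the query, statement failed to parse"
    return {"ip": f.get("IP Address", "").strip(), "markers": hits, "verdict": verdict}

# REPORT_1 and REPORT_2 are abridged from the e-mails quoted above; BENIGN is constructed.
REPORT_1 = """Invalid SQL:
SELECT compromised_pw FROM user WHERE username = 'User Name/**/and/**/cast(md5('1256506994')as/**/int)>0';

MySQL Error : You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '1256506994')as/**/int)>0'' at line 1
Error Number : 1064
IP Address : 89.248.173.8"""
REPORT_2 = """Invalid SQL:
SELECT compromised_pw FROM user WHERE username = 'User Name'and/**/extractvalue(1,concat(char(126),md5(1917829620)))and'';

MySQL Error : XPATH syntax error: '~090ce1343bcdb341611888208837...'
Error Number : 1105
IP Address : 89.248.173.8"""
BENIGN = """Invalid SQL:
SELECT userid FROM user WHERE username = 'alice';

MySQL Error : MySQL server has gone away
Error Number : 2006
IP Address : 203.0.113.7"""

if __name__ == "__main__":
    for r in (REPORT_1, REPORT_2, BENIGN):
        print(triage(r))
```

A report with the 1105 verdict is the one to act on first, since the error text shows the database computed the injected value.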
 