EWT Statistics

SloppyGoat

New Member
This is old. I don't even remember what version it was written for. It still seems to work with 3.8.0, but I recently have received two database errors. Can someone who knows what they're doing take a look at it? It looks pretty simple, for someone who knows how to code. (Unfortunately, I don't.)

It shows these statistics on the forumhome page, which is nice to have. (See image)

This is the error I received. Possibly just some small variable change or something?

Database error in vBulletin 3.8.0:

Invalid SQL:

INSERT INTO ewt_statistics
(uid, sectionid, thisscript, ipaddy, useragent)
VALUES
(0, 0, 'index', '205.196.222.10', '<a href='http://db2-sql.blogspot.com'> DB DB2 ODBC</a> [email protected]');

MySQL Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://db2-sql.blogspot.com'> DB DB2 ODBC</a> [email protected]')' at line 4
Error Number : 1064
Request Date : Monday, January 26th 2009 @ 03:43:53 PM
Error Date : Monday, January 26th 2009 @ 03:43:53 PM
Script : *Removed URL*
Referrer :
IP Address : 205.196.222.10
Username : Unregistered
Classname : vB_Database
MySQL Version :
 
I've been informed by someone at vb.org that this hack has an exploit. You may not want to use it. Although, I've been using it for nearly 3 million hits and never had any problems until now.
 
(0, 0, 'index', '205.196.222.10', '<a href='http://db2-sql.blogspot.com'> DB DB2 ODBC</a> [email protected]');

on the 5th column reads

<a href=

and then unexpected literals.

Of course, here I'm kind of confused because why would they embed an anchor in a useragent's name?

Fixes:
Filter out all of the services that require a " ' " and replace them with " & #39; " (without the space)
or
email [email protected] and tell them to use a proper Useragent name.
 
I'm sorry, but I'm not a coder. I wouldn't know where to start. Could anyone help me out with this? I'll email the support address, but this is so old, I doubt I'll get any reply.
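The error report above is the classic symptom of a statistics script pasting the raw User-Agent header into its INSERT statement: the single quote in `href='http://...'` closes the SQL string literal early, and everything after it is parsed as SQL. The same defect that produces a database error for a sloppily written bot is what makes the mod injectable, because the header is chosen entirely by the client. The following is an added illustration written for this thread in Python with an in-memory SQLite table, not the EWT Statistics mod's own PHP; the table name and columns are taken from the error, the IP and user-agent are the constructed values from the report, and `insert_unsafe`/`insert_safe` are hypothetical names. It reproduces the failure and shows the parameterized form that stores the same string without trouble.

```python
import sqlite3

# Constructed sample input: the user-agent string from the error report in this
# thread. It contains single quotes and an HTML anchor.
SAMPLE_USERAGENT = "<a href='http://db2-sql.blogspot.com'> DB DB2 ODBC</a> [email protected]"

# Table shape reconstructed from the INSERT in the error report (column types assumed).
SCHEMA = """
CREATE TABLE ewt_statistics (
    uid INTEGER,
    sectionid INTEGER,
    thisscript TEXT,
    ipaddy TEXT,
    useragent TEXT
)
"""


def open_db():
    """Create a throwaway in-memory database with the statistics table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def insert_unsafe(conn, uid, sectionid, thisscript, ipaddy, useragent):
    """Mirrors the failing pattern: request values are concatenated into the SQL text.
    A quote inside `useragent` terminates the literal, so the rest becomes SQL."""
    sql = (
        "INSERT INTO ewt_statistics (uid, sectionid, thisscript, ipaddy, useragent) "
        f"VALUES ({uid}, {sectionid}, '{thisscript}', '{ipaddy}', '{useragent}')"
    )
    conn.execute(sql)


def insert_safe(conn, uid, sectionid, thisscript, ipaddy, useragent):
    """Hardened form: placeholders let the driver pass the values separately from
    the statement, so quotes in the user-agent are plain data, never syntax."""
    conn.execute(
        "INSERT INTO ewt_statistics (uid, sectionid, thisscript, ipaddy, useragent) "
        "VALUES (?, ?, ?, ?, ?)",
        (uid, sectionid, thisscript, ipaddy, useragent),
    )


def record_hit(conn, useragent, safe=True):
    """Log one page hit. Returns "ok" on success or "error" if the INSERT failed,
    which is what the forum would have reported as a database error."""
    fn = insert_safe if safe else insert_unsafe
    try:
        fn(conn, 0, 0, "index", "205.196.222.10", useragent)
        conn.commit()
        return "ok"
    except sqlite3.Error:
        return "error"


def stored_useragents(conn):
    """Return every user-agent value currently stored, verbatim."""
    return [row[0] for row in conn.execute("SELECT useragent FROM ewt_statistics")]


if __name__ == "__main__":
    db = open_db()
    print("concatenated SQL:", record_hit(db, SAMPLE_USERAGENT, safe=False))
    print("parameterized SQL:", record_hit(db, SAMPLE_USERAGENT, safe=True))
    print("stored:", stored_useragents(db))
```

The point for anyone patching the mod itself: the durable fix is to stop building the query from raw header values, either with placeholders where the database layer supports them or by passing every request-derived value through the database class's escaping routine (in vBulletin 3.x that is the `escape_string()` method of the `vB_Database` class named in the error) before it reaches the query string. Replacing quotes with `&#39;` in the stored value, as suggested above, would stop this particular error but treats one character rather than the underlying problem, and emailing the bot operator does nothing for the next client that sends a hostile header.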
 