+- Sinisterly (https://sinister.ly)
+-- Forum: Hacking (https://sinister.ly/Forum-Hacking)
+--- Forum: Website & Server Hacking (https://sinister.ly/Forum-Website-Server-Hacking)
+--- Thread: Do error messages expose vulnerabillities? (/Thread-Do-error-messages-expose-vulnerabillities)
Pages:
1
2
Do error messages expose vulnerabillities? - Slacker - 01-27-2013
Ok so I am getting this error message and was wondering if it exposed a vulnerability or injection?
MyBB has experienced an internal SQL error and cannot continue.
SQL Error:
126 - Incorrect key file for table './philly_database/mybb_sessions.MYI'; try to repair it
Query:
REPLACE INTO mybb_sessions SET `uid`='14404',`sid`='3ad18756ee67857b0c417be7f3df4b2f',`time`='1359264909',`ip`='70.199.109.200',`location`='/index.php?',`useragent`='Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0',`location1`='0',`location2`='0',`nopermission`='0'
RE: Do error messages expose vulnerabillities? - i0xIllusi0n - 01-27-2013
I don't know how MyBB security is, but there is a type of SQL Injection that is error based.
Just go in PhpMyAdmin and repair mybb_sessions
RE: Do error messages expose vulnerabillities? - Bannedshee - 01-27-2013
That is most likely a vulnerability, and I would suggest removing the part that shows your IP address.
RE: Do error messages expose vulnerabillities? - w00t - 01-27-2013
That isn't a vulnerability, the database is telling you that something went wrong.
RE: Do error messages expose vulnerabillities? - Marvie - 01-28-2013
It should be common sense, seeing as though there is an IP in it.
RE: Do error messages expose vulnerabillities? - i0xIllusi0n - 01-28-2013
(01-28-2013, 12:34 AM)Marvie Wrote: It should be common sense, seeing as though there is an IP in it.
It displays your IP. Not his, not the sites. And just because something displays an IP doesn't mean it's vulnerable.
PHP Code:
<?php
echo $_SERVER['REMOTE_ADDR'];
?>RE: Do error messages expose vulnerabillities? - Slacker - 01-28-2013
'70.199.109.200 = Not my IP lol
Just curious. It is not my site, but would love to see it defaced. I would LOL so hard!
Well I know the site IP is 108.162..196.167, Do you know of any one that is good with MyBB?
RE: Do error messages expose vulnerabillities? - 3SidedSquare - 01-29-2013
MyBB is mostly secure, you're better off waiting around for a 0day to exploit the site before it updates, or tying to look for sites running an old version of MyBB.
RE: Do error messages expose vulnerabillities? - Slacker - 01-29-2013
0 day?
please explain further, like I said I am a noob wanting to learn lol
RE: Do error messages expose vulnerabillities? - i0xIllusi0n - 01-29-2013
(01-29-2013, 02:09 AM)Slacker Wrote: 0 day?
please explain further, like I said I am a noob wanting to learn lol
http://en.wikipedia.org/wiki/Zero-day_attack