Hacker bot persistently climbs in /dbtreview.php?do=ajax&act=front_select
On the word "select" (that is how I set it up), "die" is triggered and a report is sent by email.
That's thousands of emails with the request /dbtreview.php?do=ajax&act=front_select
Disable scanning "select"
If you go to /dbtreview.php?do=ajax&act=front_select
Code:
Invalid SQL:
SELECT
rr.*,
rc.catname,
u.username
FROM dbtech_review_reviews rr
LEFT JOIN dbtech_review_categories rc ON rr.catid = rc.catid
LEFT JOIN user u ON rr.userid = u.userid
WHERE
rr.instanceid = 1 &&
((rr.approved = 1) || ((rr.userid = 1) && (rr.approved = 0))) &&
rr.catid IN (0,0) &&
rr.deleted = 0 &&
rr.pub_date < 1487452705
ORDER BY
LIMIT
0, 5;
MySQL Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT
0, 5' at line 16
Option, which will remove the database error
dbtech/review/includes/class_module.php
Code:
switch($sort)
{
    case 'newest':
        $orderby = 'rr.reviewid DESC';
        break;
    case 'highest':
        $orderby = 'rr.user_rating_weight DESC, rr.reviewid DESC';
        break;
    case 'comment':
        $orderby = 'rr.comm_count DESC, rr.reviewid DESC';
        break;
    case 'username':
        $orderby = 'u.username, rr.reviewid DESC';
        break;
below to add
Code:
    default:
        $orderby = 'rr.reviewid DESC';
no database errors
//
It would be super if you removed the word "select" from the product.
//
There are many places where invalid code is used...
dbtech/review/includes/class_module.php
Code:
<option value=\"newest\" selected>" . $vbphrase['dbtech_review_sort_latest'] . "</options>
an extra "s" in 8 lines
navbar
dbtreview.php?ri=review&do=main
there are many &, not only in navbar
:RpS_wink:
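The error output in the post shows an empty `ORDER BY` clause, which the poster fixes by adding a `default` case so `$orderby` is always set. The sketch below is an added example, not the product's code: it resolves the sort value through an allow-list with a fallback and forces the `LIMIT` values to integers. The function and constant names, the page-size cap of 50, and the assumption that `$sort` comes from the request are hypothetical; the ORDER BY strings are the ones from the post.

```php
<?php
// Added example: names other than the ORDER BY strings are hypothetical.

// Allow-list: request value => fixed ORDER BY fragment (strings from the post).
const REVIEW_SORTS = [
    'newest'   => 'rr.reviewid DESC',
    'highest'  => 'rr.user_rating_weight DESC, rr.reviewid DESC',
    'comment'  => 'rr.comm_count DESC, rr.reviewid DESC',
    'username' => 'u.username, rr.reviewid DESC',
];
const REVIEW_SORT_DEFAULT = 'newest';

/**
 * Resolve untrusted input to an ORDER BY fragment. Never returns an empty
 * string and never returns request data, so the clause cannot be left empty
 * ("ORDER BY LIMIT") and cannot carry text supplied by the client.
 */
function review_order_by($sort): string
{
    // Missing parameter, array input (?sort[]=x) or unknown value: use default.
    if (!is_string($sort) || !array_key_exists($sort, REVIEW_SORTS)) {
        $sort = REVIEW_SORT_DEFAULT;
    }
    return REVIEW_SORTS[$sort];
}

/** Build the tail of the query; LIMIT values are forced to bounded integers. */
function review_query_tail($sort, $start, $perPage): string
{
    $start   = max(0, (int) $start);
    $perPage = min(50, max(1, (int) $perPage)); // cap of 50 is an assumption
    return 'ORDER BY ' . review_order_by($sort) . " LIMIT $start, $perPage";
}

// Constructed inputs covering the missing, valid, unknown and malformed cases.
$samples = [null, 'newest', 'username', 'select', ['x'], 'reviewid; --'];
foreach ($samples as $s) {
    echo str_pad(json_encode($s), 16), ' => ', review_query_tail($s, 0, 5), PHP_EOL;
}
```

Every constructed input yields a syntactically valid clause, so requests from a crawler with no sort value or an unknown one no longer produce a database error or the error email that goes with it.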