PaulB
Well-known member
- Affected version
- 2.2.8.0
The following URL will result in a 404 with MariaDB but an exception with MySQL 8.0.x: https://xenforo.com/community/help/%c0a Furthermore, the exception may fail to log to the database and third-party monitoring services (in our case, Datadog).
This tends to be triggered often by vulnerability scanners such as Acunetix. Since it results in a lot of 500 errors, it can result in people being woken up by automated systems at ungodly hours.
Note that %c0a is invalid UTF-8. Replace <invalid UTF-8> in the following error message with the raw bytes from the URL.
This tends to be triggered often by vulnerability scanners such as Acunetix. Since it results in a lot of 500 errors, it can result in people being woken up by automated systems at ungodly hours.
Note that %c0a is invalid UTF-8. Replace <invalid UTF-8> in the following error message with the raw bytes from the URL.
Code:
[error] 139#139: *136378 FastCGI sent in stderr: "PHP message: XenForo unexpected DB error
MySQL statement prepare error [1267]: Illegal mix of collations (utf8_general_ci,IMPLICIT) and (utf8mb4_0900_ai_ci,COERCIBLE) for operation '=' in src/XF/Db/AbstractStatement.php on line 230
SELECT `xf_help_page`.*
FROM `xf_help_page`
LEFT JOIN `xf_addon` AS `xf_addon_AddOn_1` ON (`xf_addon_AddOn_1`.`addon_id` = `xf_help_page`.`addon_id`)
WHERE (`xf_help_page`.`page_name` = '<invalid UTF-8>') AND (`xf_help_page`.`active` = 1) AND ((`xf_addon_AddOn_1`.`active` = 1) OR (`xf_help_page`.`addon_id` = ''))
LIMIT 1
------------
#0 src/XF/Db/Mysqli/Statement.php(198): XF\Db\AbstractStatement->getException('MySQL statement...', 1267, 'HY000')
#1 src/XF/Db/Mysqli/Statement.php(41): XF\Db\Mysqli\Statement->getException('MySQL statement...', 1267, 'HY000')
#2 src/XF/Db/Mysqli/Statement.php(56): XF\Db\Mysqli\Statement->prepare()