
Duplicate  Rebuild search index potential SQL injection?

#1
Got this while rebuilding indexes after an import. It seems to have hit a post with a :p in it.

Invalid bind-variable name ':p'

  1. Zend_Db_Statement->_parseParameters() in Zend/Db/Statement.php at line 114
  2. Zend_Db_Statement->__construct() in Zend/Db/Adapter/Mysqli.php at line 381
  3. Zend_Db_Adapter_Mysqli->prepare() in Zend/Db/Adapter/Abstract.php at line 478
  4. Zend_Db_Adapter_Abstract->query() in XenForo/Search/SourceHandler/MySqlFt.php at line 117
  5. XenForo_Search_SourceHandler_MySqlFt->_pushToIndex() in XenForo/Search/SourceHandler/MySqlFt.php at line 65
  6. XenForo_Search_SourceHandler_MySqlFt->insertIntoIndex() in XenForo/Search/Indexer.php at line 44
  7. XenForo_Search_Indexer->insertIntoIndex() in XenForo/Search/DataHandler/Post.php at line 47
  8. XenForo_Search_DataHandler_Post->_insertIntoIndex() in XenForo/Search/DataHandler/Abstract.php at line 227
  9. XenForo_Search_DataHandler_Abstract->insertIntoIndex() in XenForo/Search/DataHandler/Post.php at line 119
  10. XenForo_Search_DataHandler_Post->quickIndex() in XenForo/Search/DataHandler/Post.php at line 89
  11. XenForo_Search_DataHandler_Post->rebuildIndex() in XenForo/CacheRebuilder/SearchIndex.php at line 83
  12. XenForo_CacheRebuilder_SearchIndex->rebuild() in XenForo/ControllerHelper/CacheRebuild.php at line 26
  13. XenForo_ControllerHelper_CacheRebuild->rebuildCache() in XenForo/ControllerAdmin/Tools.php at line 63
  14. XenForo_ControllerAdmin_Tools->actionCacheRebuild() in XenForo/FrontController.php at line 310
  15. XenForo_FrontController->dispatch() in XenForo/FrontController.php at line 132
  16. XenForo_FrontController->run() in /var/www/.../admin.php at line 13
 
#2
Hmm... Upon a bit more digging it looks like it's a bug with the Zend Framework that was reported over a year ago. Weird that it hasn't been fixed.
 

Mike

XenForo developer
Staff member
#4
I should also note that it's not an SQL injection, just an incorrect calculation of what it thinks are bound variables.
 
#5
Yeah. At first glance it looked like it could potentially have been a vector for injection, but after looking a bit closer I realized that wasn't the case but couldn't change my thread topic (or couldn't figure out how?)
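
The distinction drawn in post #4 (a miscounted bind variable, not an injection), as an added example that is not part of the thread and is not Zend Framework or XenForo code. It is a simplified Python model; the table name, the sample post text, and the modelled cause (a literal stripper that ignores backslash escapes) are assumptions chosen for illustration, not the confirmed cause of the Zend bug.

```python
import re

# Named placeholder: a colon followed by an identifier, e.g. ":post_id".
PLACEHOLDER = re.compile(r":[A-Za-z_][A-Za-z0-9_]*")
# Single-quoted literal, honouring backslash escapes and doubled quotes.
QUOTED = re.compile(r"'(?:[^'\\]|\\.|'')*'", re.S)
# Simplified stripper that ignores backslash escapes (the modelled defect).
NAIVE_QUOTED = re.compile(r"'[^']*'")

# Hypothetical statement shape; the table and column names are made up.
TEMPLATE = "INSERT INTO search_index (message) VALUES (%s)"


def quote(value):
    """Escape a value as a MySQL-style single-quoted literal (model only)."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def find_placeholders(sql, stripper):
    """Drop quoted literals using `stripper`, then list placeholder names."""
    return PLACEHOLDER.findall(stripper.sub("", sql))


def check_binds(sql, bind, stripper):
    """Raise if the scanner sees a placeholder that has no bound value."""
    for name in find_placeholders(sql, stripper):
        if name not in bind:
            raise ValueError("Invalid bind-variable name '%s'" % name)
    return True


def skeleton(sql):
    """Statement shape with each correctly parsed literal collapsed to '?'."""
    return QUOTED.sub("?", sql)


if __name__ == "__main__":
    sql = TEMPLATE % quote("it's fine :p")  # constructed sample post text
    print(sql)
    print("naive scanner:", find_placeholders(sql, NAIVE_QUOTED))
    print("quote-aware scanner:", find_placeholders(sql, QUOTED))
    # The escaped text is still one literal, so the statement shape is unchanged.
    print("shape unchanged:", skeleton(sql) == TEMPLATE % "?")
```

The naive scanner ends the literal at the escaped quote and reports `:p` as a placeholder, which reproduces the error message above, while the statement the database would parse still contains the post text as a single literal.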