Post by Joe1234 » Wed Aug 21, 2024 10:32 am

I saw the following OC error log. I believe it is from a hack attempt. I see it popped up twice. Any idea how to prevent this?

Code: Select all

PHP Warning: mysqli::query(): (42000/1064): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'Azur|Marseille', `customer_id` = '0', `url` = 'https://mywebsite.com/...' at line 1 in /home/user/path/system/library/db/mysqli.php on line 25
Last edited by Joe1234 on Thu Aug 22, 2024 1:59 am, edited 1 time in total.

v3.0.3.9 php 8.1
I'm here for a reason, if your response is contact a/the developer, just don't reply.


Active Member

Posts

Joined
Sat Jan 01, 2022 5:47 am

Post by nonnedelectari » Wed Aug 21, 2024 1:49 pm

Joe1234 wrote:
Wed Aug 21, 2024 10:32 am
I saw the following OC error log. I believe it is from a hack attempt. I see it popped up twice. Any idea how to prevent this?

Code: Select all

PHP Warning: mysqli::query(): (42000/1064): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'Azur|Marseille', `customer_id` = '0', `url` = 'https://mywebsite.com/...' at line 1 in /home/user/path/system/library/db/mysqli.php on line 25
Why would an sql syntax error be a hack attempt?

New member

Posts

Joined
Thu Mar 04, 2021 6:34 pm

Post by ADD Creative » Wed Aug 21, 2024 4:02 pm

You would need to find the query that has the issue. Could be a modification to the one in catalog/model/tool/online.php.

It's not necessary a hack attempt, especially if you are seeing the error when browsing your site, but could point to a query that is vulnerable.

www.add-creative.co.uk


Expert Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by nonnedelectari » Wed Aug 21, 2024 4:15 pm

ADD Creative wrote:
Wed Aug 21, 2024 4:02 pm
You would need to find the query that has the issue. Could be a modification to the one in catalog/model/tool/online.php.

It's not necessary a hack attempt, especially if you are seeing the error when browsing your site, but could point to a query that is vulnerable.
The default query in online.php has the ip address prior to "`customer_id` ="
"'Azur|Marseille'", doesn't look like an ip address.

New member

Posts

Joined
Thu Mar 04, 2021 6:34 pm

Post by JNeuhoff » Wed Aug 21, 2024 5:32 pm

It originates from the catalog/controller/common/footer.php which calls the addOnline in the catalog/model/tool/online.php. While 'Azur|Marseille' is not a valid IP-address it won't cause the SQL syntax error.

The only way to know for sure of what exactly happened is to match up the time of this error with the server's raw access log, to find out the corresponding query.

Export/Import Tool * SpamBot Buster * Unused Images Manager * Instant Option Price Calculator * Number Option * Google Tag Manager * Survey Plus * OpenTwig


User avatar
Guru Member

Posts

Joined
Wed Dec 05, 2007 3:38 am


Post by ADD Creative » Wed Aug 21, 2024 6:20 pm

nonnedelectari wrote:
Wed Aug 21, 2024 4:15 pm
ADD Creative wrote:
Wed Aug 21, 2024 4:02 pm
You would need to find the query that has the issue. Could be a modification to the one in catalog/model/tool/online.php.

It's not necessary a hack attempt, especially if you are seeing the error when browsing your site, but could point to a query that is vulnerable.
The default query in online.php has the ip address prior to "`customer_id` ="
"'Azur|Marseille'", doesn't look like an ip address.
Which is why I said it could be a modification to that query. It likely an extension that gathers more information about visitors, which probably either modified the query or replaces the customer online section completely.

Of course it could also be something completely different. As JNeuhoff said matching the error with requests in the access log is a good place to start. So is disabling extensions one by one.

www.add-creative.co.uk


Expert Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Location - United Kingdom

Post by paulfeakins » Wed Aug 21, 2024 7:42 pm

nonnedelectari wrote:
Wed Aug 21, 2024 1:49 pm
Why would an sql syntax error be a hack attempt?
I'm not saying this one is a hack attempt, but have you not heard of SQL injection?

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk


User avatar
Guru Member
Online

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - London Gatwick, United Kingdom

Post by nonnedelectari » Wed Aug 21, 2024 9:41 pm

paulfeakins wrote:
Wed Aug 21, 2024 7:42 pm
nonnedelectari wrote:
Wed Aug 21, 2024 1:49 pm
Why would an sql syntax error be a hack attempt?
I'm not saying this one is a hack attempt, but have you not heard of SQL injection?
Is that a rhetorical question?

New member

Posts

Joined
Thu Mar 04, 2021 6:34 pm

Post by Joe1234 » Thu Aug 22, 2024 1:59 am

Thanks all.
Coding was the issue...I thought it was a hack because this code has been running for 3 months and this is the first time this issue popped up. It looks like a string with an apostrophe was a part of the variable this time around. At least I'm assuming that is the reason because I can't see anything else that would cause that in the php error logs that match up with the OC log. So I added $this->db->escape() around the variable on the query.

I find it amazing that you have all this OC coding in your head that you can identify the function and page that this example came from.

v3.0.3.9 php 8.1
I'm here for a reason, if your response is contact a/the developer, just don't reply.


Active Member

Posts

Joined
Sat Jan 01, 2022 5:47 am

Post by nonnedelectari » Thu Aug 22, 2024 8:16 am

Joe1234 wrote:
Thu Aug 22, 2024 1:59 am
Thanks all.
Coding was the issue...I thought it was a hack because this code has been running for 3 months and this is the first time this issue popped up. It looks like a string with an apostrophe was a part of the variable this time around. At least I'm assuming that is the reason because I can't see anything else that would cause that in the php error logs that match up with the OC log. So I added $this->db->escape() around the variable on the query.

I find it amazing that you have all this OC coding in your head that you can identify the function and page that this example came from.
Well, if you keep an up to date copy of your source locally, it is relatively easy to search. Besides, default OC only has three queries which store a url, only one on the catalog side.

New member

Posts

Joined
Thu Mar 04, 2021 6:34 pm
Who is online

Users browsing this forum: Gpli, Majestic-12 [Bot] and 15 guests