There is no reason to not have this task performed at the Apache level prior to it getting forked to a PHP process.
If a user uses this behind a hostname that goes through a CDN (ie - Cloudflare), the connecting user's IP address will always be a CF IP address. I don't know why you would want...
I'm specifically talking about your post "only trusted proxies" that was made in regards to me stating "he should still be checking proxies". How do you know it's a trusted proxy? You have to perform some kind of checks to verify this.
That's cool you went to school for this. This is a good...
Enable MySQL's general query log. The query is attempting to be executed and you will be able to see exactly what is being passed. If it's not already showing in its err log then attempting to re-run the query will give a more meaningful error.
The conditions to reach that echo can still be met and have the query fail due to any number of reasons (ie - filtro() is not a default function and hopefully just a translation issue here). We know the else block is being reached because of the redirect.
This is with a default Apache stack (no ModSecurity and using PHP 5.6):
$ curl -IL "http://thedomain.tld/modtools/query.php?what=deletegroup&id=1;DROP%20TABLE%20smf_calender;"
HTTP/1.1 302 Moved Temporarily
Date: Wed, 28 Aug 2019 13:21:10 GMT
Server: Apache
Location: guilds.php?id=1;DROP TABLE...
What's a default stack? Assuming something to be true doesn't hold much weight.
It's injectable for sure, but then you're not sure what level of injection. It'd be like me putting wings on my car and saying "This is now a plane for sure, I just don't know how long or how high it can fly"...