WordPress database error: help ?

  • moroccanplaya
    New Member
    • Jan 2011
    • 80

    WordPress database error: help ?

    WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-10, 10' at line 1]
    SELECT DISTINCT * FROM wp_posts WHERE 1=1 AND post_date_gmt <= '2011-04-13 08:52:59' AND (post_status = "publish") GROUP BY wp_posts.ID ORDER BY post_date DESC LIMIT -10, 10


    Can anyone help me with this error?
  • code green
    Recognized Expert Top Contributor
    • Mar 2007
    • 1726

    #2
    The LIMIT -10, 10 looks wrong.
    You are asking to start at row -10.
    What are you trying to do?

    Comment

    • moroccanplaya
      New Member
      • Jan 2011
      • 80

      #3
      I ran a SQL injection scan on my site and that's the result. Is it a vulnerability?

      Comment

      • JKing
        Recognized Expert Top Contributor
        • Jun 2007
        • 1206

        #4
        The scan told you there was a mysql error?

        Is the error suppressed? Or is it printed to the page when the user navigates to the page in question?

        If the error is being printed it could be a vulnerability by giving away details that would otherwise not be shown.

        Comment

        • moroccanplaya
          New Member
          • Jan 2011
          • 80

          #5
          Yeah, the error is being printed, so do I fix this?

          Comment

          • JKing
            Recognized Expert Top Contributor
            • Jun 2007
            • 1206

            #6
            Try this... I think the intent is to pull only 10 records.
            Code:
            SELECT DISTINCT * FROM wp_posts WHERE 1=1 AND post_date_gmt <= '2011-04-13 08:52:59' AND (post_status = "publish") GROUP BY wp_posts.ID ORDER BY post_date DESC LIMIT 10

            Comment

            • moroccanplaya
              New Member
              • Jan 2011
              • 80

              #7
              That's what gets printed on the site:

              WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-10, 10' at line 1]
              SELECT DISTINCT * FROM wp_posts WHERE 1=1 AND post_date_gmt <= '2011-04-13 08:52:59' AND (post_status = "publish") GROUP BY wp_posts.ID ORDER BY post_date DESC LIMIT -10, 10

              Comment

              • moroccanplaya
                New Member
                • Jan 2011
                • 80

                #8
                This is the SQL injection string that was used:

                index.php?paged =/archive/-1-5-2-Create Table

                It was used at the end of a URL.

                Comment

                • moroccanplaya
                  New Member
                  • Jan 2011
                  • 80

                  #9
                  And this too:
                  index.php?paged =-25633&header.php?=-id

                  Comment
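
Added example, not part of any post in this thread and not WordPress's own code: it shows how a `paged` value like the scanner's can end up as `LIMIT -10, 10`, next to a checked version that cannot produce a negative offset. It assumes the failing query computed its offset as (page - 1) * per_page from the raw request value, which the thread does not show; the function names and the page cap are hypothetical.

```php
<?php
// Added example. Assumption: the offset is built as (page - 1) * per_page
// from the raw `paged` request value after an integer cast.

const PER_PAGE = 10;

// Before: uses whatever integer the cast yields, including 0 and negatives.
function limit_clause_unchecked(string $paged, int $per_page = PER_PAGE): string
{
    $page   = (int) $paged;              // non-numeric text casts to 0
    $offset = ($page - 1) * $per_page;   // page 0 gives offset -10
    return sprintf('LIMIT %d, %d', $offset, $per_page);
}

// After: accept only a plain run of digits, clamp to 1..$max_page,
// and fall back to page 1 for anything else.
function limit_clause_checked(string $paged, int $per_page = PER_PAGE, int $max_page = 100000): string
{
    $page = 1;
    if (ctype_digit($paged)) {
        $page = max(1, min((int) $paged, $max_page));
    }
    $offset = ($page - 1) * $per_page;
    return sprintf('LIMIT %d, %d', $offset, $per_page);
}

// `paged` values from the two scanner strings quoted in the thread,
// followed by two ordinary requests (constructed).
$samples = ['/archive/-1-5-2-Create Table', '-25633', '0', '3'];

foreach ($samples as $paged) {
    printf(
        "%-32s unchecked: %-20s checked: %s\n",
        var_export($paged, true),
        limit_clause_unchecked($paged),
        limit_clause_checked($paged)
    );
}
```

The first sample reproduces the `LIMIT -10, 10` from the error message: the offset is still an integer, so the scanner string never reaches the SQL text, but MySQL rejects the negative value. The printed error is a separate setting: WordPress writes database errors to the page while `$wpdb->show_errors()` is active, which `WP_DEBUG` enables.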
