Well, I looked into it.. AND..following remarks and questions:
Are you getting similar "attacks" on other files other than browseimages.php (check that IP in your logs) even without MySQL errors?
It seems that there is some bot (a human would not try in such a clumsy way) trying some SQL injection by adding something to the URL..
Why I think it's a bot? A human would not add something to a URL where there is no chance to succeed in a repeated way... a human would try to add something before the do= not after...
What he does.. is he scans your page for forms.. finds a GET form (the category jump) and adds some stuff hoping he will get into the database.... So the answer is yes, it's a probe for exploits.
Actually you get the same error (or result) if you go to a category in browse images example:
http://gallery.mydomain.com/gallery/browseimages.php?catid=20
and manually add: &do=stupid or like the bot did: &do=jumpstupid
You will get the same error.. limit is empty..
(So much on efficiency of those bots)
Why do I then get a db error?
Well that is a teeny weeny problem in browseimages...
if do is not empty but has not one of the predefined values..
the images orderby and limit are empty... spitting out a MySQL error...
instead of having :
ORDER BY votes DESC, LIMIT 0,15;
you have:
ORDER BY , LIMIT ;
That gives you the MySQL error... It was never found because you never get into that position unless... someone tries to tamper with the URL of a browseimage page..
So it is NOT a security problem, just a little bug that nobody stumbled into before.. It's easy to fix: there are several ways:
1. we could simply populate the limit and the orderby with default values if empty,
Or 2. we could check if the do=xxx has not one of the predefined values.. and set it to browseimages if its value is wrong..
Or 3. we could do like 2. but instead of fixing it.. just send the user to another site...
------------
I think 2. is the best solution:
But I think we should fix it before we call gallery_global.php (you never know what plugins users have installed...)
So for a quick FIX do the following:
Open browseimages.php
find:
Code:
Content visible to verified customers only.
and
ABOVE that line add:
Code:
Content visible to verified customers only.
In the unlikely case that someone uses a hack that needs another $_REQUEST['do'] than those listed in the array, just add it to the array. But I am NOT aware of any hack existing that would need it..
That will fix the problem in a very straightforward way.. but maybe Michael or Chuck have a better solution..
Luc
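
An added example, not part of the post above and not the customer-only code it refers to: a PHP sketch of option 2 (allowlisting `do` before anything else reads it) combined with option 1 (ORDER BY and LIMIT always get defaults). The action names, sortable columns and function names are assumptions made for illustration.

```php
<?php
// Added illustration; NOT the project's fix. Action names, sortable columns
// and function names below are assumptions made for this example.

// Option 2: allowlist for $_REQUEST['do'], applied before any include
// (plugins included) gets to read the value.
const ALLOWED_ACTIONS = ['browseimages', 'jump', 'search']; // hypothetical list
const DEFAULT_ACTION  = 'browseimages';

function normalize_action($raw): string
{
    // Arrays (?do[]=x) and other non-strings fall back to the default,
    // as does any string that is not an exact match in the allowlist.
    if (!is_string($raw) || !in_array($raw, ALLOWED_ACTIONS, true)) {
        return DEFAULT_ACTION;
    }
    return $raw;
}

// Option 1: ORDER BY and LIMIT can never be empty. Column and direction come
// from fixed maps and the offsets are integers, so no request text is ever
// concatenated into the SQL.
const SORTABLE = ['votes' => 'votes', 'date' => 'dateline']; // hypothetical columns

function build_order_limit(?string $sort, ?string $dir, $page, int $perPage = 15): string
{
    $column    = SORTABLE[(string) $sort] ?? 'votes';
    $direction = (strtoupper((string) $dir) === 'ASC') ? 'ASC' : 'DESC';
    $page      = max(1, (int) $page);
    $offset    = ($page - 1) * $perPage;
    return sprintf('ORDER BY %s %s LIMIT %d,%d', $column, $direction, $offset, $perPage);
}

// Constructed request values, mirroring the probe described in the post.
$samples = ['jumpstupid', 'stupid', 'jump', ['x'], null];
foreach ($samples as $raw) {
    $_REQUEST['do'] = normalize_action($raw); // overwrite before includes run
    echo json_encode($raw), ' => ', $_REQUEST['do'], "\n";
}

// Missing or malformed sort parameters still yield a complete clause.
echo build_order_limit(null, null, null), "\n";
echo build_order_limit('date', 'asc', '3'), "\n";
```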