Announcement

Collapse
No announcement yet.

malicious code problem using IMPEX and SNITZ

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • malicious code problem using IMPEX and SNITZ

    Hi guys,

    I have been trying to use IMPEX 1.74 to import a SNITZ mssql db (2000) for use on VBulletin 3.6 and i repeatedly get 'malicious code' errors during importing threads,but when we open the db and look at the raw data in the tables, that code is not present.

    an example...(i replaced the letter i in script on this post)

    (addendum...immediately in front of the text input box appear the words 'MALICIOUS CODE IN and then it points to the text inside the box, some of which is pasted below)

    <br /><span class="isucc"><b>44.00%</b></span> Post -> XXXUSERXXX<p align="center" class="smallfont"><a href="index.php" onclick="clearTimeout(timerID);"></a></p>
    <scr*pt type="text/javascr*pt">
    myvar = ""; timeout = 5;
    function exec_refresh()
    {
    window.status="Redirecting"+myvar; myvar = myvar + " .";
    timerID = setTimeout("exec_refresh();", 100);
    if (timeout > 0)
    { timeout -= 1; }
    else { clearTimeout(timerID); window.status=""; window.location="index.php"; }
    }
    exec_refresh();
    </scr*pt>
    <!-- From snitz to 360-->

    and the rest of the text wraps itself inside of a text box and will not continue the import or throw an error.
    I cannot continue the import, ive tried hitting refresh or back and it will eventually get through the posts, and record no errors, but it stops twice on this malicious code and full text searches as well as drilling down into the colums and rows does not find it....
    i need assistance to get the forum converted asap. I opened a ticket with your support and no one has gotten back to me yet.

    thanks for anyone who assists...


    Damon DeLuca
    Last edited by ddeluca_ct; Tue 19 Dec '06, 9:35am.

  • #2
    I don't see any unassigned Support Tickets, so you already received a reply or someone is working on it.
    Want to take your board beyond the standard vBulletin features?
    Visit the official Member to Member support site for vBulletin Modifications: www.vbulletin.org

    Comment


    • #3
      malicious code ??

      That's the javascript redirect to get ImpEx to reload the page.

      Try setting this in your ImpExConfig.php :

      PHP Code:
      define('step_through'true); 
      I wrote ImpEx.

      Blog | Me

      Comment


      • #4
        nope...

        Originally posted by Jerry View Post
        malicious code ??

        That's the javascript redirect to get ImpEx to reload the page.

        Try setting this in your ImpExConfig.php :

        PHP Code:
        define('step_through'true); 

        thanks for the suggestion, i did as you suggested and it still died in the same spot in the process, we even deleted that thread that was referenced from the db, and it still breaks right there. We also did a checkdb on it to make sure it wasnt a DB error, and the db checks out fine with no errors.

        back to the drawing board for me...

        thanks again

        Damon Out-

        Comment


        • #5
          I would guess that there is some HTML in a title of a thread that is being imported that is being displayed as part of the page and killing it, hence the well suited "malicious code" title and the javascript being displayed.

          Try adding the html_2_bb() function to clean the titles of the threads, see if thats it.

          impex/systems/snitz/005.php

          line 120 :

          PHP Code:
          $try->set_value('mandatory''title'$thread_details['T_SUBJECT']); 
          Make it :

          PHP Code:
          $try->set_value('mandatory''title'$this->html_2_bb($thread_details['T_SUBJECT'])); 
          I wrote ImpEx.

          Blog | Me

          Comment


          • #6
            tried that too, failed again with malicious code warning but in a different place. Im going to look at the db itself again and see if i can find something in the subject lines table.(s)


            thanks,

            Damon DeLuca

            Comment


            • #7
              Is there anything in the PHP error logs ?
              I wrote ImpEx.

              Blog | Me

              Comment


              • #8
                nothing in the system/application logs for the server, cannot find the error log for the application. Does it make an error log? in the readme it says there is a db somewhere for support to use...can't seem to find it.

                thanks

                Damon DeLuca

                Comment

                widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                Working...
                X