Topic: Error 500 - avoid using "select" "f.r.o.m" (Read 17357 times) |
|
fiziwig
Junior Member
Posts: 78
|
|
Error 500 - avoid using "select" "f.r.o.m"
« on: Jan 10th, 2007, 9:30pm » |
|
For weeks I've been able to post to other forums, but posting to CS ALWAYS gives me this error:

Error 500
The requested URL http://www.ocf.berkeley.edu/~wwu/cgi-bin/yabb/YaBB.cgi is not available at this time
This URL is in a web site created by one of our users
You can contact that user by sending mail to: wwu@OCF.Berkeley.EDU
|
« Last Edit: Jan 12th, 2007, 1:49pm by Icarus » |
|
|
|
towr
wu::riddles Moderator Uberpuzzler
Some people are average, some are just mean.
Gender:
Posts: 13730
|
|
Re: Strange posting error
« Reply #1 on: Jan 11th, 2007, 1:29am » |
|
That's indeed strange. It does that no matter what you try to post?
|
|
Wikipedia, Google, Mathworld, Integer sequence DB
|
|
|
fiziwig
Junior Member
Posts: 78
|
|
Re: Strange posting error
« Reply #2 on: Jan 11th, 2007, 7:48pm » |
|
I'm not sure. I came across an interesting CS algorithm puzzle on the job and tried to post it as a puzzle to the CS forum. I got the 500 error, so I tried again a few hours later and got 500 again, so I tried again a few days later and got 500 again. That's when I noticed I could still post to any other forum, but not to CS. I tried again a week later and could still post anywhere except CS. It's a very odd situation.
|
|
|
|
|
towr
wu::riddles Moderator Uberpuzzler
Some people are average, some are just mean.
Gender:
Posts: 13730
|
|
Re: Strange posting error
« Reply #3 on: Jan 12th, 2007, 12:11am » |
|
Well, if it is what I think it is, it can be tracked down to a single sentence in what you're trying to post. At least that's what happened to me once, months back. And you wouldn't have more success posting it in the other forums either. I can't quite remember the exact construction that gave me problems though (nor if preview gave the same problem).
|
|
Wikipedia, Google, Mathworld, Integer sequence DB
|
|
|
fiziwig
Junior Member
Posts: 78
|
|
Re: Strange posting error
« Reply #4 on: Jan 12th, 2007, 8:50am » |
|
Interesting. If that's the case then I should be able to attempt to post the puzzle one sentence at a time until I find out which sentence cannot be posted. (I have the post in a text file from which I can cut and paste individual sentences.) From there, the offending sentence could be restructured in various ways to see if it can be posted in any of the alternate paraphrases. I could also narrow it down to a single word if that is the problem. Hmmm. This is an interesting puzzle in its own right.
|
|
|
|
|
Grimbal
wu::riddles Moderator Uberpuzzler
Gender:
Posts: 7527
|
|
Re: Strange posting error
« Reply #5 on: Jan 12th, 2007, 9:31am » |
|
Why don't you post your post in the CS forum, so we can all have a try at it? BTW, if it is at work, it might be your employer has some kind of firewall that is blocking traffic based on keywords. If any of the words in the post look suspicious the firewall might just drop the connection to the server, and indeed you would get a 500 error.
|
« Last Edit: Jan 12th, 2007, 9:36am by Grimbal » |
|
|
|
fiziwig
Junior Member
Posts: 78
|
|
Re: Strange posting error
« Reply #6 on: Jan 12th, 2007, 1:02pm » |
|
I've tried posting it to the CS forum. That's the problem. I've been trying from home with no firewall. So far I've discovered a certain phrase in the title or body causes the post to fail on any forum. Since I can't actually post that phrase here without causing the post to fail, (I tried it in the body of this post and it crashed) I will give it with asterisks inserted between the letters: S*e*l*e*c*t*i*n*g* f*r*o*m
|
|
|
|
|
fiziwig
Junior Member
Posts: 78
|
|
Re: Strange posting error
« Reply #7 on: Jan 12th, 2007, 1:04pm » |
|
The only suspicious thing is that the word "select" and the other word, which I apparently can't mention in the same post, are often used together in SQL database queries. It may be something that is blocking me because it thinks I'm trying to do some kind of database hack. On Edit: In fact including the word "SELECT" followed by the word spelled F.R.O.M. in the title or body does cause an error 500.
|
« Last Edit: Jan 12th, 2007, 1:07pm by fiziwig » |
|
|
|
Icarus
wu::riddles Moderator Uberpuzzler
Boldly going where even angels fear to tread.
Gender:
Posts: 4863
|
|
Re: Strange posting error
« Reply #8 on: Jan 12th, 2007, 1:48pm » |
|
I can't get it to post either. Odd that this hasn't come up more often, but in all the posts I've made, I've never had it occur. My guess is that you are correct in why it happens, and I suspect it must be a somewhat recent change, as I cannot imagine not having heard about it before if it was a long-term rule. Surely with all the long posts people have used the word "select" and then later in the post the word "f.r.o.m" before. Anyway, since it's likely to happen to other people, I'm making this thread sticky, and changing the subject to alert others as to what the problem is.
|
|
"Pi goes on and on and on ... And e is just as cursed. I wonder: Which is larger When their digits are reversed? " - Anonymous
|
|
|
ThudnBlunder
wu::riddles Moderator Uberpuzzler
The dewdrop slides into the shining Sea
Gender:
Posts: 4489
|
|
Re: Error 500 - avoid using "select"
« Reply #9 on: Jan 12th, 2007, 2:38pm » |
|
A search for those two words also has the same effect. And this post by Icarus was allowed as recently as Jan 10th.
|
« Last Edit: Jan 12th, 2007, 5:23pm by ThudnBlunder » |
THE MEEK SHALL INHERIT THE EARTH.....................................................................er, if that's all right with the rest of you.
|
|
|
fiziwig
Junior Member
Posts: 78
|
|
Re: Error 500 - avoid using "select"
« Reply #10 on: Jan 12th, 2007, 6:08pm » |
|
Apparently "...from ... select..." is acceptable, but not in the other order.
|
|
|
|
|
towr
wu::riddles Moderator Uberpuzzler
Some people are average, some are just mean.
Gender:
Posts: 13730
|
|
Re: Error 500 - avoid using "select"
« Reply #11 on: Jan 13th, 2007, 9:49am » |
|
My only worry, aside from the annoyance, is whether it's an exploitable bug. If it interferes with the database, someone might damage it. I think that's why I didn't post it that time I had the problem. I can't recall whether I actually messaged William about it though, only that I intended to.
|
|
Wikipedia, Google, Mathworld, Integer sequence DB
|
|
|
Icarus
wu::riddles Moderator Uberpuzzler
Boldly going where even angels fear to tread.
Gender:
Posts: 4863
|
|
Re: Error 500 - avoid using "select"
« Reply #12 on: Jan 14th, 2007, 5:48pm » |
|
I've just had a post rejected for this reason. Fortunately because of this thread I was able to spot the problem and change "selected" to "chosen". This reinforces my belief that it must be a recent security change - though because of towr's incident, it must be at least a few months old. But it can't have been in place forever - I'm too wordy to have never used those words in the appropriate combination before.
|
|
"Pi goes on and on and on ... And e is just as cursed. I wonder: Which is larger When their digits are reversed? " - Anonymous
|
|
|
towr
wu::riddles Moderator Uberpuzzler
Some people are average, some are just mean.
Gender:
Posts: 13730
|
|
Re: Error 500 - avoid using "select"
« Reply #13 on: Jan 15th, 2007, 1:39am » |
|
on Jan 14th, 2007, 5:48pm, Icarus wrote: This reinforces my belief that it must be a recent security change - though because of towr's incident, it must be at least a few months old.
|
It was more than just a few months ago; possibly over a year. Probably it got in with the upgrade of the forum. However, for a long time after that I never noticed it again (even though you'd expect it, because the construction isn't that uncommon).
|
|
Wikipedia, Google, Mathworld, Integer sequence DB
|
|
|
Grimbal
wu::riddles Moderator Uberpuzzler
Gender:
Posts: 7527
|
|
Re: Error 500 - avoid using "select"
« Reply #14 on: Jan 15th, 2007, 4:58am » |
|
SELECT FR0M

It is due to a bad but common programming practice to build SQL statements from user input by concatenating strings instead of properly quoting the data. By submitting data that contains a single quote, it is sometimes possible to make your data be interpreted as SQL and executed on the web server. By adding a statement such as "SELECT * FR0M users", if the data requested in the original statement is displayed, it might also display the list of all registered users and passwords.

Either YaBB or some library it is built on, or maybe a firewall at Berkeley, decided to stop every submission containing these 2 words. Funnily, other dangerous combinations such as INSERT ... INTO or DELETE ... FR0M don't seem to be a problem.
|
« Last Edit: Jan 16th, 2007, 2:54am by Grimbal » |
|
|
|
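The string-concatenation practice described in the post above, set beside a bound-parameter insert and a keyword filter, as an added example (not code from any poster, from YaBB, or from the Berkeley server). The `posts` table, the filter regex and the sample posts are assumptions constructed for illustration; SQLite stands in for whatever storage the forum used.

```python
import re
import sqlite3

# Assumed stand-in for the filter the thread observed: reject a submission
# when "select" is followed anywhere later by "from".
KEYWORD_FILTER = re.compile(r"select.*from", re.IGNORECASE | re.DOTALL)

# Constructed sample posts; all three are ordinary forum prose.
POSTS = [
    "Selecting from a sorted list: what's the fastest algorithm?",
    "I've changed 'selected' to 'chosen' and now it posts.",
    "Delete the duplicates from the array, then sort.",
]

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)")
    return db

def filter_blocks(body):
    """True if the keyword filter would reject this post."""
    return KEYWORD_FILTER.search(body) is not None

def insert_concatenated(db, body):
    """The practice Grimbal describes: user text spliced into the statement."""
    try:
        db.execute("INSERT INTO posts (body) VALUES ('" + body + "')")
        return True
    except sqlite3.Error:
        # An apostrophe in the post ended the string literal early, so the
        # remainder of the text was parsed as SQL and rejected.
        return False

def insert_parameterized(db, body):
    """Bound parameter: the text reaches the database as data, never as SQL."""
    db.execute("INSERT INTO posts (body) VALUES (?)", (body,))
    return True

def run():
    """Return (blocked, concat_ok, param_ok) per post and the stored bodies."""
    db_concat, db_param = new_db(), new_db()
    results = [(filter_blocks(p), insert_concatenated(db_concat, p),
                insert_parameterized(db_param, p)) for p in POSTS]
    stored = [r[0] for r in db_param.execute("SELECT body FROM posts ORDER BY id")]
    return results, stored

if __name__ == "__main__":
    for post, outcome in zip(POSTS, run()[0]):
        print(outcome, post)
```

The filter rejects the first, harmless post, lets through the second post whose apostrophe still breaks the concatenated statement, and the parameterized insert stores all three verbatim with no filter at all.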
fiziwig
Junior Member
Posts: 78
|
|
Re: Error 500 - avoid using "select"
« Reply #15 on: Jan 15th, 2007, 6:14pm » |
|
Clever use of zero for the letter O in FR0M. Of course it looks a little silly in lower case: select fr0m. There's always "fröm" as a way around it too.
|
|
|
|
|
Sameer
Uberpuzzler
Pie = pi * e
Gender:
Posts: 1261
|
|
Re: Error 500 - avoid using "select"
« Reply #16 on: Jan 15th, 2007, 7:00pm » |
|
this must be some patch to avoid sql injection ... but i think there should be a better way of inserting a forum post into the server and avoid sql injection... maybe a bug with YABB...
|
|
"Obvious" is the most dangerous word in mathematics. --Bell, Eric Temple
Proof is an idol before which the mathematician tortures himself. Sir Arthur Eddington, quoted in Bridges to Infinity
|
|
|
Eigenray
wu::riddles Moderator Uberpuzzler
Gender:
Posts: 1948
|
|
Re: Error 500 - avoid using "select"
« Reply #17 on: Jan 15th, 2007, 7:12pm » |
|
Or just "select from".
|
|
|
|
|
Icarus
wu::riddles Moderator Uberpuzzler
Boldly going where even angels fear to tread.
Gender:
Posts: 4863
|
|
Re: Error 500 - avoid using "select"
« Reply #18 on: Jan 15th, 2007, 7:31pm » |
|
Heh. Wish I'd thought of that. There's even precedent: towr came up with the same method to show people what codes to use, without those codes being automatically converted - though he used the bold codes.
|
|
"Pi goes on and on and on ... And e is just as cursed. I wonder: Which is larger When their digits are reversed? " - Anonymous
|
|
|
Grimbal
wu::riddles Moderator Uberpuzzler
Gender:
Posts: 7527
|
|
Re: Error 500 - avoid using "select"
« Reply #19 on: Jan 16th, 2007, 1:27am » |
|
I tried sel[b][/b]ect from, but somehow it doesn't work.
|
|
|
|
|
towr
wu::riddles Moderator Uberpuzzler
Some people are average, some are just mean.
Gender:
Posts: 13730
|
|
Re: Error 500 - avoid using "select"
« Reply #20 on: Jan 16th, 2007, 2:42am » |
|
Tags with nothing between them don't work. So I always bolded a word or phrase in two parts instead.
|
|
Wikipedia, Google, Mathworld, Integer sequence DB
|
|
|
Icarus
wu::riddles Moderator Uberpuzzler
Boldly going where even angels fear to tread.
Gender:
Posts: 4863
|
|
Re: Error 500 - avoid using "select"
« Reply #21 on: Jan 16th, 2007, 1:54pm » |
|
Towr's method was: [b]se[/b][b]lect from[/b]. Eigenray's method is se[color=white]l[/color]ect from
|
|
"Pi goes on and on and on ... And e is just as cursed. I wonder: Which is larger When their digits are reversed? " - Anonymous
|
|
|
SMQ
wu::riddles Moderator Uberpuzzler
Gender:
Posts: 2084
|
|
Error 500 - avoid using dot dot slash
« Reply #22 on: Feb 8th, 2007, 5:47am » |
|
Another sequence which generates the same error: ../ (two periods followed by a forward slash) appearing anywhere in the post --SMQ
|
|
--SMQ
|
|
|
Eigenray
wu::riddles Moderator Uberpuzzler
Gender:
Posts: 1948
|
|
Re: Error 500 - avoid using "select"
« Reply #23 on: Oct 2nd, 2007, 10:20pm » |
|
Here's one I have no explanation for: )(| and variations on the above.
|
|
|
|
|
towr
wu::riddles Moderator Uberpuzzler
Some people are average, some are just mean.
Gender:
Posts: 13730
|
|
Re: Error 500 - avoid using "select"
« Reply #24 on: Oct 2nd, 2007, 11:44pm » |
|
? ../ ?
|
« Last Edit: Oct 2nd, 2007, 11:45pm by towr » |
Wikipedia, Google, Mathworld, Integer sequence DB
|
|
|
|