solved dashboard 500 error caused by error in newsletter? (maybe beta core bug or exploitable vulnerability)

soaringeagle
@soaringeagle
6 years ago
3,304 posts
this happens on 1 site only, not the other
on freedomswings.org the dashboard will not load i get a 500 error and in error log (site nothing in server logs) i see this
[30-Jul-2018 19:29:28 Europe/Dublin] PHP Fatal error:  Uncaught Error: Unsupported operand types in /var/www/vhosts/freedomswings.org/httpdocs/modules/jrNewsLetter-release-2.2.9/include.php:305 [1]
Stack trace: [2]
#0 /var/www/vhosts/freedomswings.org/httpdocs/modules/jrCore-release-6.1.9b1/lib/view.php(2759): jrNewsLetter_dashboard_panels('newsletter subs...') [1]
#1 /var/www/vhosts/freedomswings.org/httpdocs/modules/jrCore-release-6.1.9b1/index.php(2883): jrCore_dashboard_bigview(Array, Array, Array) [1]
#2 /var/www/vhosts/freedomswings.org/httpdocs/modules/jrCore-release-6.1.9b1/lib/module.php(288): view_jrCore_dashboard(Array, Array, Array) [1]
#3 /var/www/vhosts/freedomswings.org/httpdocs/modules/jrCore-release-6.1.9b1/router.php(180): jrCore_run_module_view_function('view_jrCore_das...') [1]
  thrown in /var/www/vhosts/freedomswings.org/httpdocs/modules/jrNewsLetter-release-2.2.9/include.php on line 305 [1]

is it the beta core? or what it just recently started


--
soaringeagle
head dreadhead at dreadlocks site
glider pilot student and member/volunteer coordinator with freedoms wings international soaring for people with disabilities

updated by @soaringeagle: 11/01/18 06:07:37PM
soaringeagle
@soaringeagle
6 years ago
3,304 posts
further diagnosis
disabling the newsletter module fixed the 500 error and the dashboard now loads properly
i only sent 1 newsletter ever
deleting it from the datastore browser allowed the module to be reactivated and the dashboard now loads

i had assumed it was an issue with the subscriber count but was wrong i guess

correction
since it seems semi intermittent (you can sometimes get it to load once after clearing cache or after integrity test) but then on refresh won't load
only disabling the newsletter entirely will allow it to load every time
maybe it is an error in the count or a bug in the beta core or..something

as always will continue trying to figure it out till you can test it too


--
soaringeagle
head dreadhead at dreadlocks site
glider pilot student and member/volunteer coordinator with freedoms wings international soaring for people with disabilities

updated by @soaringeagle: 07/30/18 06:56:36PM
soaringeagle
@soaringeagle
6 years ago
3,304 posts
found the problem! and a vulnerability
i only sent out 1 newsletter
but somehow a spammer was able to send out 18... and suppress them showing up in the datastore
and somehow that..i think.. caused the uncaught exception?
furthermore, both have the e_lid 1
all other newsletter related tables have 0 rows

can i drop these safely? i assume so
checked other site that too had 2 rows in same table both with the same id but 7 on there

so i didn't figure it out as much as i thought and hope i didn't just delete a profile that might be legit

ok i'll leave it to you to figure out
newsletter.jpg  •  308KB




--
soaringeagle
head dreadhead at dreadlocks site
glider pilot student and member/volunteer coordinator with freedoms wings international soaring for people with disabilities

updated by @soaringeagle: 07/30/18 07:17:47PM
brian
@brian
6 years ago
10,148 posts
soaringeagle:
PHP Fatal error: Uncaught Error: Unsupported operand types in /var/www/vhosts/freedomswings.org/httpdocs/modules/jrNewsLetter-release-2.2.9/include.php:305 [1]
Stack trace: [2]

This is fixed in the latest newsletters module - it only seems to happen on specific PHP installs.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net
brian
@brian
6 years ago
10,148 posts
soaringeagle:
found the problem! and a vulnerability
i only sent out 1 newsletter
but somehow a spammer was able to send out 18

Spammers were not able to send out newsletters - only you can as the master admin. The table you are looking at keeps track of emails that are sent a newsletter - that's it.


--
Brian Johnson
Founder and Lead Developer - Jamroom
https://www.jamroom.net
soaringeagle
@soaringeagle
6 years ago
3,304 posts
i figured that out after examining both sites tables
might have banned a legit member dunno but that site gets a lot more spammers than dreadlockssite despite getting 1/100th the traffic


--
soaringeagle
head dreadhead at dreadlocks site
glider pilot student and member/volunteer coordinator with freedoms wings international soaring for people with disabilities
