Public Stack Trace WTF



  • Visit any page on http://www.iconflict.com/ right now and you'll get this (I've manually wrapped #0 to #2):

     

    DatabaseException

    Connect failed: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)

    Query

    Stack Trace

    #0 /usr/share/php/reflexions_framework/persistence/Database.php(39):
    Database->__construct('mysqli', 'localhost', 'iconflict', 'mko09ijn', 'iconflict')
    #1 /usr/share/php/reflexions_framework/persistence/PersistenceEngine.php(61):
    Database::get_current()
    #2 /usr/share/php/reflexions_framework/persistence/PersistenceEngine.php(42):
    PersistenceEngine->__construct('guid')
    #3 /usr/share/php/reflexions_framework/auth/SessionUser.php(135): PersistenceEngine::get_current()
    #4 [internal function]: SessionUser::session_read('1k554dfn437pr0g...')
    #5 /usr/share/php/reflexions_framework/auth/SessionUser.php(83): session_start()
    #6 /usr/share/php/reflexions_framework/siteshell/SiteShell.php(66): SessionUser::init()
    #7 /var/www/vhosts/iconflict.com/public/plugins/IConflictPlugin.php(50): SiteShell::get_current_user()
    #8 /var/www/vhosts/iconflict.com/public/plugins/DetailPlugin.php(21): IConflictPlugin->setup_fields(Object(URLTree), NULL, Array)
    #9 /usr/share/php/reflexions_framework/siteshell/SiteShell.php(288): DetailPlugin->setup_fields(Object(URLTree), NULL, Array)
    #10 /usr/share/php/reflexions_framework/siteshell/SiteShell.php(141): SiteShell::render(Object(DetailPlugin))
    #11 /var/www/vhosts/iconflict.com/public/htdocs/index.php(10): SiteShell::main('detail/Beijing-...', Array)
    #12 {main}



  • @bairy said:

    Visit any page on http://www.iconflict.com/ right now and you'll get this (I've manually wrapped #0 to #2):

    @bairy said:

    #0 /usr/share/php/reflexions_framework/persistence/Database.php(39):
    Database->__construct('mysqli', 'localhost', 'iconflict', 'mko09ijn', 'iconflict')
      Muhahahahaaa!



  •  Hey, look!

    SELECT id, user_id, session FROM session WHERE id = 'vkq0sdf1f58spclk9ukjieff10'

    Nice SQL show! 

    ... oh wait, I think they just got 0wn3d!

    Table 'iconflict.session' doesn't exist



  • @danixdefcon5 said:

    ... oh wait, I think they just got 0wn3d!

    Table 'iconflict.session' doesn't exist

    Ah, the Real WTF is that web user ("iconflict") is allowed to DROP TABLE.

    I wonder what this "Reflexions Framework" is - can't seem to find it in Google. PHB-inspiring, marketable name. I wonder if it's some sort of homebrew framework that they're planning on selling. "Leverage Web2.0 Folksonomy Synergies while exposing stack traces with your database passwords." Oops, meant "database credentials". You can't use a word as mundane as "password" in marketing, unless you're trying to sell something to the teenagers. "Credentials" is PHB-inspiring. Maybe change "stack trace" to "core development status reporting". Hmm... we'll make this marketable one way or another one day.



  • The sad thing is, I've seen this so often, my first thought was, TRWTF is it isn't a Java stack trace. (Not to say that Java has problems, merely to say that Java programmers have problems. That still doesn't inspire me to use the language.)



  • @WWWWolf said:

    Ah, the Real WTF is that web user ("iconflict") is allowed to DROP TABLE.
    As WTF-y as it is to have a god-like DB user for the web part, this is usually the only way to use MySQL in some ultra-cheap webhostings.

    When I began monkeying around with PHP, I did so using PostgreSQL as a backend. I was (and still am) wary of publicly-accessible DB's, even if only called by PHP, so I created a small limited-powers user for that. It only had SELECT, INSERT privs as that worked fine for what I wanted; most of the "admin" stuff was managed by a small Qt/C++ app on the "server", so I didn't even need UPDATE privs on the public side.

    However, one of these "proof of concept" apps would be using a full priv user later, because the idiot webhosting company only gave me one user for DB access. Guess what kind of WTF-worthy implementation followed...


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.