database error

this is what i get when i click on the navbar > profile

Warning: Division by zero in /home2/thechur3/public_html/templates/base/scripts/BxBaseProfileView.php on line 524

Error
Database query error

Quote · 1 Dec 2009

followed by this email:

Total impact: 58
Affected tags: xss, csrf, id, rfe, lfi

Variable: REQUEST.topic_text | Value: <p>when in fear just remember</p>
<p> </p>
<p>
<object type=\"application/x-shockwave-flash\" height=\"340\" width=\"560\" data=\"http://www.youtube.com/v/yzqTFNfeDnE&hl=en_US&fs=1&\">
<param name=\"allowFullScreen\" value=\"true\" />
<param name=\"allowscriptaccess\" value=\"always\" />
<param name=\"src\" value=\"http://www.youtube.com/v/yzqTFNfeDnE&hl=en_US&fs=1&\" />
<param name=\"allowfullscreen\" value=\"true\" />
</object>
</p>
Impact: 29 | Tags: xss, csrf, id, rfe, lfi
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2
Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID: 20
Description: Detects JavaScript location/document property access and window access obfuscation | Tags: xss, csrf | ID: 23
Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33
Description: Detects possibly malicious html elements including some attributes | Tags: xss, csrf, id, rfe, lfi | ID: 38
Description: finds attribute breaking injections including obfuscated attributes | Tags: xss, csrf | ID: 68

Variable: POST.topic_text | Value: <p>when in fear just remember</p>
<p> </p>
<p>
<object type=\"application/x-shockwave-flash\" height=\"340\" width=\"560\" data=\"http://www.youtube.com/v/yzqTFNfeDnE&hl=en_US&fs=1&\">
<param name=\"allowFullScreen\" value=\"true\" />
<param name=\"allowscriptaccess\" value=\"always\" />
<param name=\"src\" value=\"http://www.youtube.com/v/yzqTFNfeDnE&hl=en_US&fs=1&\" />
<param name=\"allowfullscreen\" value=\"true\" />
</object>
</p>
Impact: 29 | Tags: xss, csrf, id, rfe, lfi
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2
Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID: 20
Description: Detects JavaScript location/document property access and window access obfuscation | Tags: xss, csrf | ID: 23
Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33
Description: Detects possibly malicious html elements including some attributes | Tags: xss, csrf, id, rfe, lfi | ID: 38
Description: finds attribute breaking injections including obfuscated attributes | Tags: xss, csrf | ID: 68

REMOTE_ADDR: 96.19.51.187
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
SCRIPT_FILENAME: /home2/thechur3/public_html/modules/boonex/forum/index.php
QUERY_STRING:
REQUEST_URI: /forum/
QUERY_STRING:
SCRIPT_NAME: /modules/boonex/forum/index.php
PHP_SELF: /modules/boonex/forum/index.php

Quote · 1 Dec 2009

division by 0 is usually bad checkboxes in profile fields

deactivate the new fields you made to find the culprit

the mail is regarding your vid

raise your threshold

I have video tutorials to help you mrpowless.com
Quote · 1 Dec 2009

not sure i understand, just got a HUGE email from database error.

SELECT p.*, if(`DateLastNav` > SUBDATE(NOW( ), INTERVAL 1 MINUTE ), 1, 0) AS `is_online`, UNIX_TIMESTAMP(p.`DateLastLogin`) AS 'TS_DateLastLogin', UNIX_TIMESTAMP(p.`DateReg`) AS 'TS_DateReg'
FROM `Profiles` AS p
LEFT JOIN `sys_friend_list` AS f1 ON (f1.`ID` = p.`ID` AND f1.`Profile` ='5' AND `f1`.`Check` = 1)
LEFT JOIN `sys_friend_list` AS f2 ON (f2.`Profile` = p.`ID` AND f2.`ID` ='5' AND `f2`.`Check` = 1)

WHERE 1
AND (f1.`ID` IS NOT NULL OR f2.`ID` IS NOT NULL)

ORDER BY p.`Avatar` DESC
LIMIT -0, 0

Mysql error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-0, 0' at line 10

Found error in the file '/home2/thechur3/public_html/inc/profiles.inc.php' at line 376.
Called 'db_res' function with erroneous argument #0.


Debug backtrace:
Array
(
[1] => Array
(
[file] => /home2/thechur3/public_html/inc/classes/BxDolDb.php
[line] => 236
[function] => error................and so on

Quote · 1 Dec 2009

inc/profiles.inc.php

line 359 if not double spaced should look like

$sLimit = ($sqlLimit == '') ? '' : /*"LIMIT 0, " .*/ $sqlLimit;

goto rc2

I have video tutorials to help you mrpowless.com
Quote · 1 Dec 2009

The HUGE emails are just complete dumps of the offended section of the dbase as it pertains to the error generated. You need to be careful uploading those dump files as it may contain enough information to make you vulnerable to attack.

As was pointed out, the log seems to point to something you added in the Join Form for one error and it didn't care for the YouTube video url as well.

Dolphin 7 has a script that attempts to detect someone "rushing" your server (think NFL Ray Lewis) in an attempt to make it stumble and open up access to Admin or member information. It is set to err on the side of safety. You can adjust its tolerance in Advanced Settings. It is not a Boonex problem per se, but rather a matter of finding that happy balance of safety vs convenience.

Others can speak to the actual mechanism better than I but that is my take on the matter based on my 4 days of swimming with the Dolphin :)

Quote · 1 Dec 2009
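Added example (not part of the original thread and not Dolphin code): a small Python filter that masks the hosting account name, client address, e-mail addresses and credential-looking backtrace entries in an error mail before it is pasted into a public forum, following the caution in the last post. The sample dump, the key names treated as secrets, and the placeholder tokens are assumptions constructed for this example.

```python
import re

# Constructed sample shaped like the error mail and IDS report in this thread.
# The account name, address, e-mail and hash are made up for the example.
SAMPLE = """\
Found error in the file '/home9/exampleacct/public_html/inc/profiles.inc.php' at line 376.
REMOTE_ADDR: 203.0.113.7
SCRIPT_FILENAME: /home9/exampleacct/public_html/modules/boonex/forum/index.php
    [file] => /home9/exampleacct/public_html/inc/classes/BxDolDb.php
    [Email] => member@example.org
    [Password] => 5f4dcc3b5aa765d61d8327deb882cf99
    [line] => 236
"""

# (label, pattern, replacement), applied in this order.
RULES = [
    # print_r-style entries whose key name suggests a credential or session
    # value (key list is an assumption; extend it for your own dumps)
    ("secret",
     re.compile(r"^(\s*\[(?:pass\w*|salt|cookie\w*|sess\w*)\]\s*=>\s*).+$",
                re.IGNORECASE | re.MULTILINE),
     r"\1<redacted>"),
    # shared-hosting account name inside absolute paths: /homeN/<account>/
    ("account", re.compile(r"/home\d*/[^/\s']+/"), "/home/<account>/"),
    ("email", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), "<email>"),
    ("ipv4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"), "<ip>"),
]


def redact(text):
    """Return (redacted_text, {label: replacements}) for a pasted error dump."""
    counts = {}
    for label, pattern, repl in RULES:
        text, counts[label] = pattern.subn(repl, text)
    return text, counts


if __name__ == "__main__":
    clean, counts = redact(SAMPLE)
    print(clean)
    print(counts)
```

File names and line numbers are left intact, so the redacted dump is still useful to whoever is helping debug.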
 
 