db1051 1031386465 wikiuser mw1193 enwiki 49s SELECT /* MessageCache::loadFromDB(en)-small */ page_title,old_id,old_text,old_flags FROM `page`,`revision`,`text` WHERE page_is_redirect = '0' AND page_namespace = '8' AND (page_title NOT LIKE '%/%' ESCAPE '`' ) AND (page_latest=rev_id) AND (rev_text_id=old_id) AND (page_len <= 1024)
Reasons for suspicion:
- The query allows very broad parameters (there is no limit; 1024 does not guarantee that millions of rows are not returned, and if it gets slightly bigger, it will actually do it)
- It is not done by wikiadmin but by wikiuser: it is the result of an end-user API call, not a job/maintenance/one-time query
- It doesn't use JOIN...ON syntax but custom SQL, which is not only bad code, it also means it is not going through the regular SQL sanitization
All of these are guesses at a potential SQL injection or backdoor producing this strange query. It could be that this is a low-level query, but in that case: a) what is calling it with such bad parameters, and are those hardcoded? b) if no security issue is seen, this is still a normal bug due to the odd syntax and absence of limits, which causes it to take >40 seconds to execute.
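The three reasons for suspicion above, plus the >40 second runtime, can be applied mechanically to log lines in this format. The following is an added triage sketch, not MediaWiki or Wikimedia code; the field names given to the log columns and the `triage` function are assumptions of this example, and a match only marks a query for human review.

```python
import re

# Assumed column layout of the log line in the report (names are this example's guess):
# db_host  connection_id  user  client_host  database  runtime  query
LINE_RE = re.compile(
    r"^(?P<db_host>\S+)\s+(?P<conn_id>\d+)\s+(?P<user>\S+)\s+(?P<client>\S+)\s+"
    r"(?P<database>\S+)\s+(?P<secs>\d+)s\s+(?P<query>.+)$", re.DOTALL)
FROM_RE = re.compile(
    r"\bFROM\b(?P<tables>.*?)(?:\bWHERE\b|\bGROUP\b|\bORDER\b|\bLIMIT\b|$)",
    re.IGNORECASE | re.DOTALL)
COMMENT_RE = re.compile(r"/\*.*?\*/", re.DOTALL)
STRING_RE = re.compile(r"'(?:[^']|'')*'")

def triage(line, admin_users=("wikiadmin",), slow_secs=40):
    """Return which of the report's reasons for suspicion apply to one log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("unrecognised log line")
    sql = COMMENT_RE.sub(" ", m["query"])  # drop the /* caller */ annotation
    sql = STRING_RE.sub("''", sql)         # keywords inside string literals don't count
    reasons = []
    if not re.search(r"\bLIMIT\s+\d+", sql, re.IGNORECASE):
        reasons.append("no-limit")          # a WHERE bound such as page_len is not a row cap
    if m["user"] not in admin_users:
        reasons.append("end-user-account")  # reached from a request, not a maintenance job
    f = FROM_RE.search(sql)
    if f and "," in f["tables"] and not re.search(r"\bJOIN\b", f["tables"], re.IGNORECASE):
        reasons.append("comma-join")        # FROM a,b,c instead of JOIN ... ON
    if int(m["secs"]) > slow_secs:
        reasons.append("slow")
    return reasons

# The line from the report, verbatim.
REPORTED = (
    "db1051 1031386465 wikiuser mw1193 enwiki 49s SELECT /* MessageCache::loadFromDB(en)-small */ "
    "page_title,old_id,old_text,old_flags FROM `page`,`revision`,`text` WHERE page_is_redirect = '0' "
    "AND page_namespace = '8' AND (page_title NOT LIKE '%/%' ESCAPE '`' ) AND (page_latest=rev_id) "
    "AND (rev_text_id=old_id) AND (page_len <= 1024)")
# Constructed contrast case: admin account, explicit JOIN ... ON, bounded, fast.
CONSTRUCTED = ("db1051 1 wikiadmin mw1193 enwiki 2s SELECT page_title FROM page "
               "JOIN revision ON page_latest = rev_id WHERE page_namespace = 8 LIMIT 500")

if __name__ == "__main__":
    for sample in (REPORTED, CONSTRUCTED):
        print(triage(sample))
```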