SMF 1.1.14: Hacking attempt... error on clicking Report to Moderator on post

Started by Elysia, August 30, 2011, 09:48:11 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Elysia

August 30, 2011, 09:48:11 AM
I see this was raised in 2007 with regard to PMs, but today we had it happen with a post containing the word 'unselected' as shown in single quotes. Is there a fix for this please?

Webpage error simply says...
Hacking attempt...

SMF error log says:
Code Select
Hacking attempt...

INSERT INTO smf_messages
(ID_BOARD, ID_TOPIC, ID_MEMBER, subject, body, posterName, posterEmail, posterTime,
posterIP, smileysEnabled, modifiedName, icon)
VALUES (35, 0, 224, SUBSTRING('Reported post: Caithness paperweights unsigned with 'unselected' label by xxxx', 1, 255), SUBSTRING('xxxx has been reported by yyyy (yyyy) on a board you moderate:

(url removed)

The reporter has made the following comment:
testing report to mod system', 1, 65534), SUBSTRING('yyyy (yyyy)', 1, 255), SUBSTRING('yyyy@yyyy', 1, 255), 1314709757,
SUBSTRING('yyyy', 1, 255), 0, '', SUBSTRING('xx', 1, 16))
File: .../Sources/Subs-Post.php
Line: 1535

NB: I've removed the board address, poster's name and the reporter's name, email address, and IP address to preserve their privacy.

The board has a number of Mods installed:
Mod Name    Version    
1.    SMF 1.0.16 / 1.1.8 Update    1.0    [ List Files ] [ Delete ]
2.    Display Location on posts    1.0    [ Uninstall ] [ List Files ] [ Delete ]
3.    SMF 1.0.21 / 1.1.13 Update    1.0    [ List Files ] [ Delete ]
4.    SMF 1.0.20 / 1.1.12 Update    1.0    [ List Files ] [ Delete ]
5.    Anti Bot: Are You Human/Bot?    2.3    [ Uninstall ] [ List Files ] [ Delete ]
6.    SMF 1.0.18 / 1.1.10 / 2.0 RC1-2 Update    1.1    [ List Files ] [ Delete ]
7.    SMF 1.0.17 / 1.1.9 / 2.0 RC1 Update    1.0    [ List Files ] [ Delete ]
8.    Create a topic when a post is reported    0.2    [ Uninstall ] [ List Files ] [ Delete ]
9.    SMF 1.0.16 / 1.1.8 Update    1.0    [ List Files ] [ Delete ]
10.    SMF 1.1.14 Update    1.0    [ Uninstall ] [ List Files ] [ Delete ]
11.    Stop Forum Spam    0.5    [ Uninstall ] [ List Files ] [ Delete ]
12.    SMF 1.0.20 / 1.1.12 Update    1.0    [ List Files ] [ Delete ]
13.    SMF 1.0.18 / 1.1.10 / 2.0 RC1-2 Update    1.1    [ List Files ] [ Delete ]
14.    SMF 1.0.19 / 1.1.11 Update    1.0    [ List Files ] [ Delete ]
15.    The Rules    1.2    [ Uninstall ] [ List Files ] [ Delete ]
16.    Ad Managment    2.3    [ Uninstall ] [ List Files ] [ Delete ]
17.    SMF 1.0.16 / 1.1.8 Update    1.0    [ List Files ] [ Delete ]
18.    Copy Topics    1.6

emanuele

#1
August 30, 2011, 10:15:19 AM
This is a bug of the mod "Create a topic when a post is reported".

If the subject of the post/topic contains single quotes (don't know about other special chars) when a user tries to report it then the "hacking attempt" error is shown.


Take a peek at what I'm doing! ;D



Hai bisogno di supporto in Italiano?

Aiutateci ad aiutarvi: spiegate bene il vostro problema: no, "non funziona" non è una spiegazione!!
1) Cosa fai,
2) cosa ti aspetti,
3) cosa ottieni.

Illori

#2
August 30, 2011, 03:50:39 PM
The author of this mod has been notified of the issue. I am going to move this to the fixed/bogus board since this is not a core issue.
Print
Go Up Pages1
User actions
Advertisement: