Jump to content

Never seen this before....?


Recommended Posts

I got this automated mail this morning:

Dear admin,

An error has been generated on your forums. You are being sent this notification based on your error log notification settings in the Admin Control Panel. This error meets the criteria for errors that you have set to be notified about.

The error code is: 5031

The error message is: We use an authorization key to verify you really submitted the form, and the authorization key was not supplied with your form submission or was invalid. Please go back, reload the form and try to submit it again.

The user who saw this error is: Guest

The IP address of this user is: [deleted]

Please login to your Admin Control Panel to use the error log viewer tool for further information.

I went ACP and I can see this in error log:


What am I dealing here with?
Link to comment
Share on other sites

It's an attempted SQL injection into your board. The user is attempting to run some SQL by passing it in with the URL.

The board is trapping it, because the auth_key part of the URL is incorrect.

(Even if they got the auth_key correct,the URL they are trying to use is only valid if they are a moderator.)

InVision have been public about this potential explot, and fixed it in 3.0.5.

Link to comment
Share on other sites

You had someone try to exploit one of the issues patched in 3.0.5:

If you've not already upgraded to 3.0.5, you should do so as soon as possible. Note, though, that since it was a guest that tried this, it never would have succeeded even on earlier versions. This was probably just some script kiddie who didn't even bother to read about what they were trying to do.

Link to comment
Share on other sites

I was getting these for a while and then it stopped, I was never aware it was an SQL injection attempt. Of course they didn't succeed in doing whatever it was they were trying to do and got tired. It makes me a bit more worried now that I know it was an SQL injection attempt to exploit the board software, I didn't know it at the time and didn't ban the IP address..

Link to comment
Share on other sites

  • 2 weeks later...
  • 3 months later...


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...