In my near-20 years of working with UBB.threads software, I've never seen anything like what you've posted.

This has brought me to perform a few Google searches for elements within your post.

What was returned goes back to 2015 with an attacker attempting to perform a POP chain exploit to Joomla CMS.

Quote
[the] request headers must contain malicious data known as a "POP Chain" (Property Oriented Programming). POP chains, similar to their older cousin ROP (Return Oriented Programming) are constructed of a series of “magic PHP methods” that already exist in the code, which is why these kinds of attacks are often referred to as code reuse. An attacker must link these methods together in order to achieve their desired code execution.

The POP chain is then sent from the attacker in either the User-Agent or X-Forwarded-For header, the attacker saves the session cookie that is returned upon completion of the request. From what we have noticed, most of these POP chains run eval() on the POST data, but not all of them, as you can also run a chr() encoded string into eval() that will execute all the bad PHP calls: system(), popen(), exec(), passthru(), shell_exec(), etc. Here is an example of part of the exploit payload:

Code
eval(base64_decode($_POST[111]))

Have a read through here --
https://blog.cloudflare.com/the-joomla-unserialize-vulnerability/

Although there is already IP address sanitation built in to current and prior versions of UBB.threads, there has been further IP address sanitation built in for version 7.7.2, but as you've posted earlier, you increased the size of your user IP address storage table from VARCHAR(46) to VARCHAR(111), which may potentially cause issues in key locations of the UBB.threads software, and could also cause security related issues due to the you now allowing more non-IP address data to be stored an IP address table. We have not instructed that you do that.

If non-IP address are attempting the be written in to an IP-address-only field, its best to deal with whats allowing that, rather than to just accept it what the attacker wants to do and making him feel welcomed by increasing the field size for him. :/

Last edited by isaac; 06/08/2019 1:29 AM. Reason: added more content

Current developer of UBB.threads PHP Forum Software
Current Release: UBBT 7.7.5 // Preview: UBBT 8.0.0
isaac @ id242.com // my forum @ CelicaHobby.com