One thing after another! What is it with the goons that did all this protection work? Did they even make an attempt to check their work? I am so sick of this kind of crap that I am almost ready to completely give up on Boonex.
If I add an extra line in a blog creation (like a new freakin paragraph) I get a white space attack error
God forbid if I should enlarge the text past 10 pts.
Oh and no way are we allowed to add an image. What a mess!
D7 RC1 using IE8 in XP Pro. Possible attack over and over and over again ....
[code]Total impact: 46 Affected tags: xss, csrf, id, rfe, lfi, sqli
Variable: REQUEST.PostText | Value: <p><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">Well. Another year and another trip to Baltimore. Wow was I underwhelmed! Same old people, same old exhibitors, same old stuff. I even ate at the same old restaurant across the street with the same old lame service and bad food.</span></span></p> <p>&nbsp;</p> <p><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">I don\'t know what it is. Maybe it\'s just me. I always end up in Baltimore. It\'s like an addiction to popsicles. They are really good for the first half a dozen or so then your mouth gets numb and it becomes a chore. I think what finally did me in was those absolutely fantastic $5 burgers in the food court or trying to keep up with my Gothic office manager that I allowed to come along with me this year. I spent the entire time I was there telling people I had no idea where she was and she would eventually show up all the while lstening to them calling her my \'mystery girl\' and they weren\'t sure if she actually existed or not.</span></span></p> <p>&nbsp;</p> <p><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">Once she did finally show up, no one wanted to talk to me anymore .... but&nbsp;I digress...</span></span></p> <p>&nbsp;</p> <p><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">I don\'t know what it was but it all seemed less grand this year. There didn\'tseem to be the same sparkle as before, the amount of people that came seemed less, there was absolutely nothing new to be found anywhere in the entire complex. I think it just finally got old for me.</span></span></p> <p>&nbsp;</p> <p><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">Is it justy me or does there seem to be an absolute lack of ingenuity in this industry anymore? I mean I haven\'t seen anything new come along that has made me say \'wow! 
that\'s just a cool idea!\' The only thing that remotely surprised me was the Metro zero degree med duty bed. I saw it, It did not impress me anymore than the Galaxy I already owned. I felt like asking the salesman \'why didn\'t you at least give it a decent paint job?\' It seems foolish to me to bring an unpolished display where tens of thousands of towers are going to examine it and pick it apart. Why bother?</span></span></p> <p>&nbsp;</p> <p><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">Oh my gawd! I sound like the ulrimate whiner! You know, alst year I came with about 500 TowTalk T shirts. I spent the entire weekend dragging a suitcase behind me handing them out. People seemed thankful and I liked&nbsp; promoting my site but at the same time, I didn\'t get to spend one minute talking to people or checking out th0 diplays so this year I decded I wasn\'t bringing anything but myself.</span></span></p> <p>&nbsp;</p> <p><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">I should have brought T shirts. I realized that last year, I really hadn\'t missed anything.</span></span></p> <p>&nbsp;</p> <p><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">Ok, enough show bashing. There is something else I want to talk about. Peeing on each others tree. You can make your pee more pungent if you limit how much wa ... wait, I have a better way to put this. Every day we see articles posted by the supposed experts that we need to combine our efforts in this industry and start working together. It\'s hard to do and even harder to visualize when all around you there are factions fighting for control. This manufacturer against that manufacturer, this trainer or that trainer, which do we follow, EMS and towers on separate sides of the room etc. 
Then I went to a seminar and in this seminar I saw these two guys doing a class together!</span></span></p> <p><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\"><img title=\"Training Together\" src=\"http://towme.net/m/photos/get_image/file/9361509972006aa3e98a65ffb0b02902.jpg\" alt=\"Terry Hummelsine and Tom Luciano\" width=\"300\" height=\"227\" /></span></span></p> <p>&nbsp;</p> <p><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">I do not know why and I have been speculating heavily on what conditions may have existed that would cause these two guys to get together for a training class. Tom Luciano from Miller Industries and Terry Hummelsine from Wreckmaster! After all that I didn\'t see and all the wows that I never got to say I finally got to rejoice! WOW! Two guys from completely different camps working together to further the training cause of this industry! My hats are off to both these gentlemen and I want to say thank you for stepping up to the plate and finally walking the walk! </span></span></p> <p>&nbsp;</p> <p><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">Maybe sometime in the distant future we really will be able to come together as an indusrtry and start affecting some change. 
Thanks to these two guys, for me anyways, the light at the end of that tunnel just got a lot closer.</span></span></p> <p><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:x-small;\">&nbsp;<img title=\"Cool\" src=\"http://towme.net/plugins/tiny_mce/plugins/emotions/img/smiley-cool.gif\" border=\"0\" alt=\"Cool\" /></span></span></p> Impact: 23 | Tags: xss, csrf, id, rfe, lfi, sqli Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1 Description: Detects JavaScript with(), ternary operators and XML predicate attacks | Tags: xss, csrf | ID: 7 Description: Detects possibly malicious html elements including some attributes | Tags: xss, csrf, id, rfe, lfi | ID: 38 Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43 Description: finds attribute breaking injections including obfuscated attributes | Tags: xss, csrf | ID: 68
[/code]
http://towtalk.net ... Hosted by Zarconia.net! |
Ummm ... Boonex didn't create the PCRE ... they just added it. It's like SpamAssassin, it looks for a signature and awards points to it. Once a threshold is reached it sends you an E-Mail. Change the threshold in advanced settings.
If you PASTE anything into the MCE from any program except Notepad, chances are good it's gonna set off quite a few points... MS Word docs, HTML code, etc. in your paste aren't what a person would do typing it manually. So guess what .. yep ... more points!
Your post has all the marks of a cut n paste directly from MS Word. Look at all the styles. Do yourself a favor. Copy out of Word, paste into Notepad, then paste into Dolphin. Go back, fix paragraphs, bold where it needs to be bold and save. No email!
Mike
|
You are incorrect. It was NOT a cut and paste. I typed it all directly into the editor. My problems started when I tried to format it. I wanted to add a blank line between the paragraphs so I did, then I changed the font to Georgia and tried to increase the font to 12 pts. In essence, I tried editing what I had typed for errors and appearance and in the end I was stuck in a vicious cycle of possible attack errors.
I will try entering the same text in the demo site for you Alex as requested and will notate each step I take. The original post before I edited it was just fine with no errors. It's when I started trying to change it that the trouble started. Sorry about the outburst last night, it was like the final straw and I blew a cork....
http://towtalk.net ... Hosted by Zarconia.net! |
Ok, I have posted the exact same content in demozz/7b. Here are the steps and results.
To make sure I was using the exact same text, I copied the text from my site, opened my notepad and stripped the text of any formatting. Then I pasted it into the editor on 7b.
- As soon as I saved the text, I got the possible attack error message. I am sure you now have the email.
- I then added the blank lines between the paragraphs and tried to add an image, same result.
- In the demozz site, the post never appeared. In my site, one of the posts actually made it into the system even though it posted an attack error.
Good luck....
PS, using IE8 on XP Pro......
http://towtalk.net ... Hosted by Zarconia.net! |
Even so, lots of people are going to cut-and-paste from Word and other programs. For example, if you have a business site and they are pasting their resume or their bio. Many people have that prepared as boilerplate and don't compose it new each time. I hope this is not going to set off security alerts and blocks when they do that.
Rob
|
I agree with that. I have always had trouble with these editors, even on other sites I have built. Add in this security protocol and it seems to have magnified already existing issues... http://towtalk.net ... Hosted by Zarconia.net! |
I saw the Georgia font style and assumed it was pasted in. I wasn't trying to pick at you, just wanted to point out what could have happened.
In ADVANCED SETTINGS > OTHER you can set two point levels. The level it sends you an email and a level it blocks the post. All you have to do is set those to a level higher than the errors you are getting right now and you won't see this anymore.
Default is 9 points to send an email and 27 points to block the post. Since this particular post rang up a whopping 46 points, I would set the email to 50 and the block to 80 and see if that works for you.
|
I'm certainly not a security expert, but it seems like it is too crude a control. For example, why doesn't it just allow you to permit or deny cut and paste operations - or whitespace, or smileys - whatever. By setting the points to a lower number, how would I know I was doing the right thing? |
PHPIDS is kinda new and not very well documented but is very highly customizable... you can get her to do what you want if you learn it too.
There are exception rules in the config file and the monitor can be customized to do exactly what you want..... just need a course in PHP or hire a guy to get 'er done.
I have video tutorials to help you mrpowless.com |
I agree Caltrade. Sure anyone can go in and bump the impact levels to 200 and do whatever you like, but you have to keep in mind that this whole feature was created to protect your site from possible attacks.
Previously, we saw all kinds of posts about member's sites being "hacked" and having to restore from backups or start all over. The security feature has great intentions and what we WANT to do is push the limits so we can do things like "insert youtube videos into forums".
As I have stated before, I totally agree that some reconsideration needs to be done to the filtering of PHPIDS, so that it will allow us to do some of the features in dolphin that are not considered dangerous, such as smileys :)
I'm sure they are looking into this since we have posted numerous issues regarding the possible attack emails and blocking of members when it wasn't necessary. But I can also say that I'm glad to see that it has the capability to stop the spammers from coming into our sites and destroying them too. I have received several emails from people trying to "spam" my site already. On the first day of installation before there were any members even.. haha
Just be careful with your impact settings, too high and you may become the next victim.
Chris
Nothing to see here |
I'll leave this post here, but it now seems to be total crap.
BOONEX:
I think you guys need to take a look at where you have PHPIDS tied into the chain of events when posting something. PHPIDS is obviously applying its scrutiny AFTER a lot of formatting by the D7 script. It does NOT appear to be looking only at user supplied input. This is a big mistake, and I don't see how it is ever going to be able to tell the difference between user input that is formatted by the D7 script, and a real attack.
If you look at one small snippet of the text that SkyForum submitted \'mystery girl\' .... all that is being done here is escaping the apostrophe characters. The user didn't escape the apostrophe characters, the D7 script did.
If you visit the PHPIDS smoketest page at: http://demo.php-ids.org/ and enter \'mystery girl\' ... you will see that the total impact is 20.
classic SQL injection probings..... I don't think so
basic SQL authentication bypass attempts ..... oh really now
unknown attack vectors based on PHPIDS Centrifuge detection ...... yawwwwwwwnnnnn
Come on.... all that just for escaping two apostrophe characters? I guess we could call this the 'Attack of the mystery girl' .... or more appropriately, \'attack of the mystery girl\'
Now..... if you go ahead and enter 'mystery girl' on that smoketest page, which is all the user really entered, you'll see that the total impact is zero, as it should be.
I don't know if it's possible for PHPIDS to scrutinize ONLY user supplied input before all the formatting that the D7 script adds to it, but if it isn't, PHPIDS is never going to work right. You'll never get it to tell the difference between 'mystery girl' and a real sql injection attack.
My opinions expressed on this site, in no way represent those of Boonex or Boonex employees. |
@ SkyForum... I'm missing something here.
If I take that text you supplied in your original post, and replace all the character entities with the character that they represent, I get the following code, which posts just fine on my site, and has an overall impact of 13 on the PHPIDS smoketest page:
<p><span style="font-family:georgia, palatino;"><span style="font-size:small;">Well. Another year and another trip to Baltimore. Wow was I underwhelmed! Same old people, same old exhibitors, same old stuff. I even ate at the same old restaurant across the street with the same old lame service and bad food.</span></span></p> <p></p> <p><span style="font-family:georgia, palatino;"><span style="font-size:small;">I don't know what it is. Maybe it's just me. I always end up in Baltimore. It's like an addiction to popsicles. They are really good for the first half a dozen or so then your mouth gets numb and it becomes a chore. I think what finally did me in was those absolutely fantastic $5 burgers in the food court or trying to keep up with my Gothic office manager that I allowed to come along with me this year. I spent the entire time I was there telling people I had no idea where she was and she would eventually show up all the while lstening to them calling her my 'mystery girl' and they weren't sure if she actually existed or not.</span></span></p> <p></p> <p><span style="font-family:georgia, palatino;"><span style="font-size:small;">Once she did finally show up, no one wanted to talk to me anymore .... butI digress...</span></span></p> <p></p> <p><span style="font-family:georgia, palatino;"><span style="font-size:small;">I don't know what it was but it all seemed less grand this year. There didn'tseem to be the same sparkle as before, the amount of people that came seemed less, there was absolutely nothing new to be found anywhere in the entire complex. I think it just finally got old for me.</span></span></p> <p></p> <p><span style="font-family:georgia, palatino;"><span style="font-size:small;">Is it justy me or does there seem to be an absolute lack of ingenuity in this industry anymore? I mean I haven't seen anything new come along that has made me say 'wow! that's just a cool idea!' 
The only thing that remotely surprised me was the Metro zero degree med duty bed. I saw it, It did not impress me anymore than the Galaxy I already owned. I felt like asking the salesman 'why didn't you at least give it a decent paint job?' It seems foolish to me to bring an unpolished display where tens of thousands of towers are going to examine it and pick it apart. Why bother?</span></span></p> <p></p> <p><span style="font-family:georgia, palatino;"><span style="font-size:small;">Oh my gawd! I sound like the ulrimate whiner! You know, alst year I came with about 500 TowTalk T shirts. I spent the entire weekend dragging a suitcase behind me handing them out. People seemed thankful and I liked promoting my site but at the same time, I didn't get to spend one minute talking to people or checking out th0 diplays so this year I decded I wasn't bringing anything but myself.</span></span></p> <p></p> <p><span style="font-family:georgia, palatino;"><span style="font-size:small;">I should have brought T shirts. I realized that last year, I really hadn't missed anything.</span></span></p> <p></p> <p><span style="font-family:georgia, palatino;"><span style="font-size:small;">Ok, enough show bashing. There is something else I want to talk about. Peeing on each others tree. You can make your pee more pungent if you limit how much wa ... wait, I have a better way to put this. Every day we see articles posted by the supposed experts that we need to combine our efforts in this industry and start working together. It's hard to do and even harder to visualize when all around you there are factions fighting for control. This manufacturer against that manufacturer, this trainer or that trainer, which do we follow, EMS and towers on separate sides of the room etc. 
Then I went to a seminar and in this seminar I saw these two guys doing a class together!</span></span></p> <p><span style="font-family:georgia, palatino;"><span style="font-size:small;"><img title="Training Together" src="http://towme.net/m/photos/get_image/file/9361509972006aa3e98a65ffb0b02902.jpg" alt="Terry Hummelsine and Tom Luciano" width="300" height="227" /></span></span></p> <p></p> <p><span style="font-family:georgia, palatino;"><span style="font-size:small;">I do not know why and I have been speculating heavily on what conditions may have existed that would cause these two guys to get together for a training class. Tom Luciano from Miller Industries and Terry Hummelsine from Wreckmaster! After all that I didn't see and all the wows that I never got to say I finally got to rejoice! WOW! Two guys from completely different camps working together to further the training cause of this industry! My hats are off to both these gentlemen and I want to say thank you for stepping up to the plate and finally walking the walk! </span></span></p> <p></p> <p><span style="font-family:georgia, palatino;"><span style="font-size:small;">Maybe sometime in the distant future we really will be able to come together as an indusrtry and start affecting some change. Thanks to these two guys, for me anyways, the light at the end of that tunnel just got a lot closer.</span></span></p> <p><span style="font-family:georgia, palatino;"><span style="font-size:x-small;"><img title="Cool" src="http://towme.net/plugins/tiny_mce/plugins/emotions/img/smiley-cool.gif" border="0" alt="Cool" /></span></span></p>
Here it is when entered as html:
Well. Another year and another trip to Baltimore. Wow was I underwhelmed! Same old people, same old exhibitors, same old stuff. I even ate at the same old restaurant across the street with the same old lame service and bad food.
I don't know what it is. Maybe it's just me. I always end up in Baltimore. It's like an addiction to popsicles. They are really good for the first half a dozen or so then your mouth gets numb and it becomes a chore. I think what finally did me in was those absolutely fantastic $5 burgers in the food court or trying to keep up with my Gothic office manager that I allowed to come along with me this year. I spent the entire time I was there telling people I had no idea where she was and she would eventually show up all the while lstening to them calling her my 'mystery girl' and they weren't sure if she actually existed or not.
Once she did finally show up, no one wanted to talk to me anymore .... butI digress...
I don't know what it was but it all seemed less grand this year. There didn'tseem to be the same sparkle as before, the amount of people that came seemed less, there was absolutely nothing new to be found anywhere in the entire complex. I think it just finally got old for me.
Is it justy me or does there seem to be an absolute lack of ingenuity in this industry anymore? I mean I haven't seen anything new come along that has made me say 'wow! that's just a cool idea!' The only thing that remotely surprised me was the Metro zero degree med duty bed. I saw it, It did not impress me anymore than the Galaxy I already owned. I felt like asking the salesman 'why didn't you at least give it a decent paint job?' It seems foolish to me to bring an unpolished display where tens of thousands of towers are going to examine it and pick it apart. Why bother?
Oh my gawd! I sound like the ulrimate whiner! You know, alst year I came with about 500 TowTalk T shirts. I spent the entire weekend dragging a suitcase behind me handing them out. People seemed thankful and I liked promoting my site but at the same time, I didn't get to spend one minute talking to people or checking out th0 diplays so this year I decded I wasn't bringing anything but myself.
I should have brought T shirts. I realized that last year, I really hadn't missed anything.
Ok, enough show bashing. There is something else I want to talk about. Peeing on each others tree. You can make your pee more pungent if you limit how much wa ... wait, I have a better way to put this. Every day we see articles posted by the supposed experts that we need to combine our efforts in this industry and start working together. It's hard to do and even harder to visualize when all around you there are factions fighting for control. This manufacturer against that manufacturer, this trainer or that trainer, which do we follow, EMS and towers on separate sides of the room etc. Then I went to a seminar and in this seminar I saw these two guys doing a class together!
I do not know why and I have been speculating heavily on what conditions may have existed that would cause these two guys to get together for a training class. Tom Luciano from Miller Industries and Terry Hummelsine from Wreckmaster! After all that I didn't see and all the wows that I never got to say I finally got to rejoice! WOW! Two guys from completely different camps working together to further the training cause of this industry! My hats are off to both these gentlemen and I want to say thank you for stepping up to the plate and finally walking the walk!
Maybe sometime in the distant future we really will be able to come together as an indusrtry and start affecting some change. Thanks to these two guys, for me anyways, the light at the end of that tunnel just got a lot closer.
Makes me wonder if anything I said in my post above is valid.
My opinions expressed on this site, in no way represent those of Boonex or Boonex employees. |
It may be that the site is converting the symbols to their character entities and then the flags start flying?
I posted the original as sent in the email into smoke test and it scored 25. I then submitted the article to the PHPIDS false positive form. Could be that they need to update the rules on their end and it's not Boonex's problem at all :)
houstonlively, how does the article format in mysql? The ones I have all show the correct character symbols but maybe a cut n paste gets injected differently ?
|
Wow. All this is almost over my head. Going to take a few minutes to take it all in and formulate a response. http://towtalk.net ... Hosted by Zarconia.net! |
The post in my DB looks like plain old HTML.... no character entities. I am even able to copy the above formatted text, with picture, and paste it into tinyMCE and save the post..... although it seems to take an extraordinarily long time.
So..... It appears that everything I said about the D7 script formatting the post using all those character entities, and escaping apostrophes, is entirely wrong. SO... the question is, where in hell are all those character entities coming from? It's like when you post some html code as text, the underlying html code required to display the html code, will contain all the character entities.
The text that Skyforum posted, is what would happen if you posted html code directly into the tinyMCE editor, instead of opening the html window, and posting the code there. My opinions expressed on this site, in no way represent those of Boonex or Boonex employees. |
OK I went ahead and tested my hypothesis.
If I just paste the raw HTML (version corrected by houstonlively) it scores a 60 and gets blocked.
The email I received contained the raw ascii.
If I open up the HTML Editor and paste it there it worked fine.
Not sure that helps us any, but I wanted to see if MCE was reducing the HTML symbols to ASCII characters before processing by PHPIDS, which it appears to do if you are in the WYSIWYG mode.
|
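Added example, not Dolphin's or PHPIDS's own code: a toy Python scorer that mimics the mechanism Mike and houstonlively describe above (regex rules whose impacts are summed, then compared against Dolphin's email and block thresholds) and shows why the editor-encoded form of the post (`\'mystery girl\'`, `&quot;`, `&lt;`) scores higher than the text the user actually typed. The rules, their impacts, and the sample strings are constructed for this illustration; only the 9/27 default thresholds and the "mystery girl" wording come from the thread.

```python
"""Toy PHPIDS-style scorer built for this thread (not PHPIDS's default_filter.xml)."""
import html
import re

# Hypothetical rules: (id, description, compiled regex, impact).  Impacts are made up.
RULES = [
    ("H1", "backslash-escaped quote (addslashes-style output)",
     re.compile(r"""\\['"]"""), 10),
    ("H2", "quote immediately before a tag close",
     re.compile(r"""['"]\s*/?>"""), 3),
    ("H3", "entity that decodes to a quote or angle bracket (obfuscated markup)",
     re.compile(r"&(?:#0*(?:34|39|60|62)|#x0*(?:22|27|3c|3e)|quot|apos|lt|gt);", re.I), 12),
    ("H4", "inline style attribute",
     re.compile(r"""style\s*=\s*\\?["']""", re.I), 2),
]

# Dolphin 7 defaults quoted in the thread: 9 sends an email, 27 blocks the post.
DEFAULT_EMAIL_THRESHOLD = 9
DEFAULT_BLOCK_THRESHOLD = 27


def score(text):
    """Sum the impact of every rule that matches at least once.

    As in a PHPIDS report, a rule counts once per variable no matter how
    many times its pattern occurs.  Returns (total, [ids of rules that hit]).
    """
    total, hits = 0, []
    for rule_id, _desc, pattern, impact in RULES:
        if pattern.search(text):
            total += impact
            hits.append(rule_id)
    return total, hits


def normalize(text):
    """Undo the encodings layered on top of what the user typed.

    The thread's finding: the WYSIWYG editor turns characters into HTML
    entities and the quoting layer backslash-escapes quotes, and that encoded
    form is what the scanner saw.  Decoding both first lets the rules judge
    'mystery girl' rather than \\'mystery girl\\' or &#39;mystery girl&#39;.
    Decoding does not skip scanning: a payload hidden behind entities is
    still scored, now in the form the browser would actually see.
    """
    decoded = html.unescape(text)                      # &nbsp; &#39; &quot; &lt; ...
    decoded = re.sub(r"\\(['\"\\])", r"\1", decoded)   # \' \" \\  ->  ' " \
    return decoded


def decide(total, email_at=DEFAULT_EMAIL_THRESHOLD, block_at=DEFAULT_BLOCK_THRESHOLD):
    """Map a total impact onto Dolphin's two-level reaction."""
    if total >= block_at:
        return "block"
    if total >= email_at:
        return "email"
    return "accept"


def inspect(text, email_at=DEFAULT_EMAIL_THRESHOLD, block_at=DEFAULT_BLOCK_THRESHOLD):
    """Score the value as received and again after normalization."""
    raw_total, raw_hits = score(text)
    norm_total, norm_hits = score(normalize(text))
    return {
        "raw": raw_total, "raw_rules": raw_hits,
        "raw_action": decide(raw_total, email_at, block_at),
        "normalized": norm_total, "normalized_rules": norm_hits,
        "normalized_action": decide(norm_total, email_at, block_at),
    }


# Constructed samples modelled on the post discussed in this thread.
TYPED = "I don't know what it is. They called her my 'mystery girl' and weren't sure."
ESCAPED = TYPED.replace("'", "\\'")          # quoting layer output: \'mystery girl\'
EDITOR = ('<p><span style=\\"font-family:georgia, palatino;\\">'      # WYSIWYG markup,
          '<span style=\\"font-size:small;\\">' + ESCAPED +           # quotes escaped,
          '&nbsp;</span></span></p>')                                 # as in the report
ENTITIES = html.escape('<p><span style="font-family:georgia, palatino;">'
                       + TYPED + '</span></p>')  # raw HTML pasted into WYSIWYG mode

if __name__ == "__main__":
    for label, sample in (("typed", TYPED), ("escaped", ESCAPED),
                          ("editor", EDITOR), ("entities", ENTITIES)):
        print(label, inspect(sample))
    # Raising the thresholds, as suggested in the thread, also silences the alert,
    # but it does so for every input, not just this false positive.
    print("editor at 50/80:", decide(score(EDITOR)[0], 50, 80))
```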
Ok, set my settings to 1 and 1, then removed all apostrophes and a few other things. Here's the report.
I never realized until today just how much of a love affair I have with the apostrophe! Maybe we can see what's it catching now?
[code]
Total impact: 8 Affected tags: xss, csrf
Variable: REQUEST.PostText | Value: <p><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">Well. Another year and another trip to Baltimore. Wow was I ever underwhelmed! Same old people, same old exhibitors, same old stuff. I even ate at the same old restaurant across the street with the same old lame service and bad food. </span></span><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">I don\'t know what it is. Maybe it\'s just me. I always end up in Baltimore. It\'s like an addiction to popsicles. They are really good for the first half a dozen or so then your mouth gets numb and it becomes a chore. I think what finally did me in was those absolutely fantastic $5 burgers in the food court or trying to keep up with my Gothic office manager that I allowed to come along with me this year. I spent the entire time I was there telling people I had no idea where she was and she would eventually show up all the while listening to them calling her my mystery girl and they werent sure if she actually existed or not. </span></span><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">Once she did finally show up, no one wanted to talk to me anymore .... but&nbsp;I digress. </span></span><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">I don\'t know what it was but it all seemed less grand this year. There didnt seem to be the same sparkle as before, the amount of people that came seemed less, there was absolutely nothing new to be found anywhere in the entire complex. I think it just finally got old for me. </span></span><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">Is it just me or does there seem to be an absolute lack of ingenuity in this industry anymore. I m ean I havent seen anything new come along that has made me say wow! that\'s just a cool idea! 
The only thing that remotely surprised me was the Metro zero degree med duty bed. I saw it,&nbsp;and it&nbsp;did not impress me anymore than the Galaxy I already owned. I felt like asking the salesman why didn\'t you at least give it a decent paint job? It seems foolish to me to bring an unpolished display where tens of thousands of towers are going to examine it and pick it apart. Why bother? </span></span><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">You know, last year I came with about 500 TowTalk T shirts. I spent the entire weekend dragging a suitcase behind me handing them out. People seemed thankful and I liked&nbsp; promoting my site but at the same time, I didn\'t get to spend one minute talking to people or checking out the diplays so this year I decided I wasnt bringing anything but myself. </span></span><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">I should have brought T shirts. I realized that last year, I really hadnt missed anything. </span></span><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">Ok, enough show bashing. Every day we see articles posted by the supposed experts that we need to combine our efforts in this industry and start working together. Its hard to do and even harder to visualize when all around you there are factions fighting for control. This manufacturer against that manufacturer, this trainer or that trainer, which do we follow? EMS and towers on separate sides of the room etc. Then I went to a seminar and in this seminar I saw these two guys doing a class together! </span></span><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">I do not know why and I have been specula ting heavily on what conditions may have existed that would cause these two guys to get together for a training class. Tom Luciano from Miller Industries and Terry Hummelsine from Wreckmaster! 
After all that I didnt see and all the wows that I never got to say I finally got to rejoice! WOW! Two guys from completely different camps working together to further the training cause of this industry! My hats are off to both these gentlemen and I want to say thank you for stepping up to the plate and finally walking the walk!&nbsp; </span></span><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">Maybe sometime in the distant future we really will be able to come together as an indusrtry and start affecting some change. Thanks to these two guys, for me anyways, the light at the end of that tunnel just got a lot closer.</span></span></p> Impact: 4 | Tags: xss, csrf Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Variable: POST.PostText | Value: <p><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">Well. Another year and another trip to Baltimore. Wow was I ever underwhelmed! Same old people, same old exhibitors, same old stuff. I even ate at the same old restaurant across the street with the same old lame service and bad food. </span></span><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">I don\'t know what it is. Maybe it\'s just me. I always end up in Baltimore. It\'s like an addiction to popsicles. They are really good for the first half a dozen or so then your mouth gets numb and it becomes a chore. I think what finally did me in was those absolutely fantastic $5 burgers in the food court or trying to keep up with my Gothic office manager that I allowed to come along with me this year. I spent the entire time I was there telling people I had no idea where she was and she would eventually show up all the while listening to them calling her my mystery girl and they werent sure if she actually existed or not. </span></span><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">Once she did finally show up, no one wanted to talk to me anymore .... but&nbsp;I digress. </span></span><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">I don\'t know what it was but it all seemed less grand this year. There didnt seem to be the same sparkle as before, the amount of people that came seemed less, there was absolutely nothing new to be found anywhere in the entire complex. I think it just finally got old for me. </span></span><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">Is it just me or does there seem to be an absolute lack of ingenuity in this industry anymore. I mean I havent seen anything new come along that has made me say wow! that\'s just a cool idea! 
The only thing that remotely surprised me was the Metro zero degree med duty bed. I saw it,&nbsp;and it&nbsp;did not impress me anymore than the Galaxy I already owned. I felt like asking the salesman why didn\'t you at least give it a decent paint job? It seems foolish to me to bring an unpolished display where tens of thousands of towers are going to examine it and pick it apart. Why bother? </span></span><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">You know, last year I came with about 500 TowTalk T shirts. I spent the entire weekend dragging a suitcase behind me handing them out. People seemed thankful and I liked&nbsp; promoting my site but at the same time, I didn\'t get to spend one minute talking to people or checking out the diplays so this year I decided I wasnt bringing anything but myself. </span></span><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">I should have brought T shirts. I realized that last year, I really hadnt missed anything. </span></span><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">Ok, enough show bashing. Every day we see articles posted by the supposed experts that we need to combine our efforts in this industry and start working together. Its hard to do and even harder to visualize when all around you there are factions fighting for control. This manufacturer against that manufacturer, this trainer or that trainer, which do we follow? EMS and towers on separate sides of the room etc. Then I went to a seminar and in this seminar I saw these two guys doing a class together! </span></span><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">I do not know why and I have been speculatin g heavily on what conditions may have existed that would cause these two guys to get together for a training class. Tom Luciano from Miller Industries and Terry Hummelsine from Wreckmaster! 
After all that I didnt see and all the wows that I never got to say I finally got to rejoice! WOW! Two guys from completely different camps working together to further the training cause of this industry! My hats are off to both these gentlemen and I want to say thank you for stepping up to the plate and finally walking the walk!&nbsp; </span></span><span style=\"font-family:georgia, palatino;\"><span style=\"font-size:small;\">Maybe sometime in the distant future we really will be able to come together as an indusrtry and start affecting some change. Thanks to these two guys, for me anyways, the light at the end of that tunnel just got a lot closer.</span></span></p> Impact: 4 | Tags: xss, csrf Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
REMOTE_ADDR: 69.2.235.18 HTTP_X_FORWARDED_FOR: HTTP_CLIENT_IP: SCRIPT_FILENAME: /home2/towmenet/public_html/modules/boonex/blogs/blogs.php QUERY_STRING: REQUEST_URI: /blogs/ QUERY_STRING: SCRIPT_NAME: /modules/boonex/blogs/blogs.php PHP_SELF: /modules/boonex/blogs/blogs.php
[/code]
http://towtalk.net ... Hosted by Zarconia.net! |
Sky.... you didn't post html code directly into tinymce's wysiwyg window.... did you?
I had a much bigger reply, but this P.O.S. site dropped my connection, and I lost the entire post. My opinions expressed on this site, in no way represent those of Boonex or Boonex employees. |
I should take the time to read your post. No, I never posted the html code into the wysiwyg window. Always bare text.
http://towtalk.net ... Hosted by Zarconia.net! |
Your post contains character entities instead of the corresponding symbols. That is why you are having this problem. My opinions expressed on this site, in no way represent those of Boonex or Boonex employees. |
Ok! I have this all figured out!
They named it wrong. It's a big system designed to prevent people from using really bad syntax when they are creating a post! LOL!!!
I went back, copied the text from the editor, pasted it into notepad to strip all the formatting, then copied that to a NEW blog post. I removed everything, including the georgia font.
Then I went through the post very carefully to correct all the errors (like I would have done eventually before I posted it). In doing this I discovered a couple of things. I had used the apostrophe in at least 3 places to quote something (like 'mystery girl'). It seems I really do have a love affair with that particular piece of punctuation, and when you added them all up, including all the didn'ts and don'ts, the amount of them was quite high. I left the ones that were proper and removed ALL the ones that weren't.
I then reset my little security thingy to the default 9 - 27 and this is the result
http://towme.net/blogs/entry/AT-Expo-2009-2009-12-02
I think an issue still exists, especially with the use of the apostrophe or how or when the post entry is being checked. I was able to solve my problem, however, by just cleaning up the post a bit.
PS, I did get a possible attack error message on this. Total=20
http://towtalk.net ... Hosted by Zarconia.net! |
Your post contains character entities instead of the corresponding symbols. That is why you are having this problem.
I'm not sure why. I didn't enter them that way. I used the wysiwyg side of the editor and never made any changes to the source. I let it develop its own html. When you copy the text directly out of the wysiwyg, that is the result when pasted somewhere else. I have seen this happen before in these types of editors: if you keep editing a comment, it doesn't fix or remove what was there, it just has a tendency to add more tags, like <font><font><font>... Maybe that's what's causing the issue?
http://towtalk.net ... Hosted by Zarconia.net! |
The PHPIDS authors are constantly updating their filter file. This probably should have been made a module so we could easily keep it up to date. Additionally, as a module it may be possible to add exclusions, etc.
For example ... your post in smoketest scores a 53 but with allow safe html it scores a 13 (happened to be the georgia font statement btw :) )
Trying to find out how to include the "allow safe html" bit in the config.ini file for PHPIDS but haven't found it yet.
|
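For anyone else hunting for the "allow safe html" switch: in PHPIDS it is not a global flag but a per-field list in the `[General]` section of its config.ini. Fields named there are run through HTML Purifier before the filter rules are applied, which is what the smoketest checkbox does. The fragment below is an added example, not Dolphin's shipped file or anything from this thread; the key names (`html[]`, `exceptions[]`, `HTML_Purifier_Path`, `HTML_Purifier_Cache`) are the ones in the Config.ini that PHPIDS ships, so compare them against the copy bundled with your Dolphin before editing. The field names `POST.PostText` and `REQUEST.PostText` are taken straight from the "Variable:" lines in the PHPIDS log pasted above.

```ini
; PHPIDS config.ini, [General] section (added example, not Dolphin's shipped file).
; Keep the existing keys (filter_type, base_path, filter_path, tmp_path, ...) as they are;
; only the html[] and exceptions[] entries below are what this thread is about.
[General]

    ; html[] has no effect unless HTML Purifier is reachable. These two keys are
    ; already in the shipped Config.ini and are repeated here only for context.
    HTML_Purifier_Path  = vendors/htmlpurifier/HTMLPurifier.auto.php
    HTML_Purifier_Cache = vendors/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer

    ; "allow safe html": purify these fields before scoring, so the WYSIWYG markup
    ; (<p>, <span style="font-family:georgia...">) is no longer counted as a
    ; html-breaking injection. Name the field exactly as PHPIDS reports it.
    html[] = POST.PostText
    html[] = REQUEST.PostText

    ; exceptions[] are parameters PHPIDS never scans at all (tracking cookies here).
    ; Do NOT put PostText in this list: that would switch off scanning of blog
    ; bodies entirely instead of just tolerating safe markup in them.
    exceptions[] = __utmz
    exceptions[] = __utmc
```

Two things to keep in mind when you do this. First, it is per field: the rest of the request (other POST parameters, cookies, the query string) is still scanned at full sensitivity, so an attacker cannot use the blog body to smuggle a payload into some other field. Second, whatever HTML Purifier strips from PostText is never seen by the IDS, so for that one field the purifier's whitelist becomes the control, not the PHPIDS rules; keep it up to date along with the filter file.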
Ok, I know this is going to make me look stupid but how on earth can a font type be any kind of security risk? http://towtalk.net ... Hosted by Zarconia.net! |
I have submitted this text to PHPIDS as a false positive; hope they will do something:
<p>Well. Another year and another trip to Baltimore. Wow was I underwhelmed! Same old people, same old exhibitors, same old stuff. I even ate at the same old restaurant across the street with the same old lame service and bad food.I don't know what it is. Maybe it's just me. I always end up in Baltimore. It's like an addiction to popsicles. They are really good for the first half a dozen or so then your mouth gets numb and it becomes a chore. I think what finally did me in was those absolutely fantastic $5 burgers in the food court or trying to keep up with my Gothic office manager that I allowed to come along with me this year. I spent the entire time I was there telling people I had no idea where she was and she would eventually show up all the while lstening to them calling her my 'mystery girl' and they weren't sure if she actually existed or not.<br />Once she did finally show up, no one wanted to talk to me anymore .... but I digress...<br />I don't know what it was but it all seemed less grand this year. There didn'tseem to be the same sparkle as before, the amount of people that came seemed less, there was absolutely nothing new to be found anywhere in the entire complex. I think it just finally got old for me.<br />Is it justy me or does there seem to be an absolute lack of ingenuity in this industry anymore? I mean I haven't seen anything new come along that has made me say 'wow! that's just a cool idea!' The only thing that remotely surprised me was the Metro zero degree med duty bed. I saw it, It did not impress me anymore than the Galaxy I already owned. I felt like asking the salesman 'why didn't you at least give it a decent paint job?' It seems foolish to me to bring an unpolished display where tens of thousands of towers are going to examine it and pick it apart. Why bother?<br />Oh my gawd! I sound like the ulrimate whiner! You know, alst year I came with about 500 TowTalk T shirts. 
I spent the entire weekend dragging a suitcase behind me handing them out. People seemed thankful and I liked promoting my site but at the same time, I didn't get to spend one minute talking to people or checking out th0 diplays so this year I decded I wasn't bringing anything but myself.<br />I should have brought T shirts. I realized that last year, I really hadn't missed anything.<br />Ok, enough show bashing. There is something else I want to talk about. Peeing on each others tree. You can make your pee more pungent if you limit how much wa ... wait, I have a better way to put this. Every day we see articles posted by the supposed experts that we need to combine our efforts in this industry and start working together. It's hard to do and even harder to visualize when all around you there are factions fighting for control. This manufacturer against that manufacturer, this trainer or that trainer, which do we follow, EMS and towers on separate sides of the room etc. Then I went to a seminar and in this seminar I saw these two guys doing a class together! (Look at the image in the upper left hand corner of this blog).<br />I do not know why and I have been speculating heavily on what conditions may have existed that would cause these two guys to get together for a training class. Tom Luciano from Miller Industries and Terry Hummelsine from Wreckmaster! After all that I didn't see and all the wows that I never got to say I finally got to rejoice! WOW! Two guys from completely different camps working together to further the training cause of this industry! My hats are off to both these gentlemen and I want to say thank you for stepping up to the plate and finally walking the walk! <br />Maybe sometime in the distant future we really will be able to come together as an indusrtry and start affecting some change. Thanks to these two guys, for me anyways, the light at the end of that tunnel just got a lot closer.</p>
Rules → http://www.boonex.com/terms |
Also, I suggest disabling magic_quotes_gpc to lower the impact; without backslashes the impact is lower!
Dolphin 7 should work fine with magic_quotes_gpc disabled now, and disabling this setting will also make your site a little bit faster.
Rules → http://www.boonex.com/terms |
I will need instructions on just how to do that..... Thank you sir! http://towtalk.net ... Hosted by Zarconia.net! |
I think it's time to ditch PHPIDS. How are we to believe that it is capable of telling the difference between normal posts and a real attack? My opinions expressed on this site, in no way represent those of Boonex or Boonex employees. |
I will need instructions on just how to do that..... Thank you sir!
In cPanel, look for PHP EZ-Config and check the appropriate box, or edit your php.ini directly and do a FIND to locate it and change it.
|
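The directive in question is `magic_quotes_gpc`. With it on, PHP inserts a backslash before every quote in GET, POST and COOKIE values before your code (and PHPIDS) sees them, which is why the log above shows `style=\"font-family:georgia...\"` and `I don\'t` rather than what was typed. The before/after below is an added example of the php.ini line, not text from this thread or from Dolphin.

```ini
; php.ini (added example). Locate the existing magic_quotes_gpc line and change it;
; on a cPanel host the PHP EZ-Config page writes this same setting for you.

; before: every " and ' in request data arrives escaped as \" and \' ,
; so harmless WYSIWYG markup reaches PHPIDS looking like an escaping attack
magic_quotes_gpc = On

; after: values reach the application exactly as the user submitted them
magic_quotes_gpc = Off
```

After changing it, restart the web server (or PHP-FPM) and confirm with a phpinfo() page or `php -i | grep magic_quotes_gpc` that the value really is Off; a per-directory php.ini can silently override the global one. If you are on Apache with mod_php and cannot edit php.ini, `php_flag magic_quotes_gpc Off` in .htaccess does the same job. On PHP 5.4 and later the directive no longer exists, so there is nothing to turn off and any line setting it is simply ignored.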