Hello
I'm trying to create my first poll. When I add more than 10 answers I get this: Possible attack!!! All data has been collected and sent to the site owner for analysis.
Then the report to my email:
Total impact: 8 Affected tags: xss, csrf, id, rfe
Variable: REQUEST.answers.3 | Value: Precious: Based on the Novel \"Push\" Impact: 4 | Tags: xss, csrf, id, rfe Description: Detects JavaScript array properties and methods | Tags: xss, csrf, id, rfe | ID: 18
Variable: POST.answers.3 | Value: Precious: Based on the Novel \"Push\" Impact: 4 | Tags: xss, csrf, id, rfe Description: Detects JavaScript array properties and methods | Tags: xss, csrf, id, rfe | ID: 18
REMOTE_ADDR: 00.00.00.000 HTTP_X_FORWARDED_FOR: HTTP_CLIENT_IP:
Post Reply - if you going to help - No for - bla bla bla bla |
Alex just put in a new update, did you follow that? |
No, friend, where can I get the new update?
Post Reply - if you going to help - No for - bla bla bla bla |
Nothing to see here |
It's near the bottom. You need to apply the changeset and the sql commands. |
Ya I'm getting possible attack issues too even with the new changeset. The only thing I am not getting is the email since the security email threshold is at 25, but it does not work.
Edit: I uninstalled the module and reinstalled it and now it works. It appears you have to do that to every module you make the changeset for, not just one of them.
|
Zarcon, can you send me the link so I can download the new fix? I read that post before and they say it doesn't work.
If they really fix this, they really need to add this update to the tool / module and show the updates so you can press the update button, easier for a noob like me than adding some code to make it work.
Post Reply - if you going to help - No for - bla bla bla bla |
Need to follow these: (scroll to the bottom and download the actual files in zip format instead of trying to edit each code)
http://www.boonex.com/trac/dolphin/changeset/13237
http://www.boonex.com/trac/dolphin/changeset/13238
http://www.boonex.com/trac/dolphin/changeset/13244
http://www.boonex.com/trac/dolphin/changeset/13245
http://www.boonex.com/trac/dolphin/changeset/13259
Since main sql file was changed in the last fix, you need to run the following sql script manually to apply changes to your database:
INSERT INTO `sys_options` VALUES('sys_security_impact_threshold_log', '9', 3, 'Total security impact threshold to send report', 'digit', '', '', 0, '');
INSERT INTO `sys_options` VALUES('sys_security_impact_threshold_block', '27', 3, 'Total security impact threshold to send report and block aggressor', 'digit', '', '', 0, '');
After this sql script is executed you need to clean /cache/ directory.
After this fix please clean /cache/ directory and reinstall one of these modules:
ads articles avatar blog events feedback files forum groups news photos poll sites sounds store videos
Two new security options were added in Administration -> Settings -> Advanced Settings -> Other. Now you can control when to just send mail about possible attack and when to stop aggressor. There is an impact number, if impact is high (> 25) then security risk is high too.
This is pretty much it in a nutshell. There is no 1 file you can download to update everything, that I know of.
Chris
Nothing to see here |
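Added example (not part of any post in this thread and not Dolphin's own code): a short Python triage script that parses the report lines from the first post, sums the per-variable impact, and compares the total with the two thresholds from the INSERT statements above. The function names and the `>=` comparison are assumptions; the thread does not show how Dolphin itself applies the thresholds.

```python
import re

# Thresholds from the two INSERT statements quoted in the thread.
LOG_THRESHOLD = 9      # sys_security_impact_threshold_log
BLOCK_THRESHOLD = 27   # sys_security_impact_threshold_block

# Constructed sample: the report lines pasted in the first post.
SAMPLE_REPORT = r'''Total impact: 8 Affected tags: xss, csrf, id, rfe
Variable: REQUEST.answers.3 | Value: Precious: Based on the Novel \"Push\" Impact: 4 | Tags: xss, csrf, id, rfe Description: Detects JavaScript array properties and methods | Tags: xss, csrf, id, rfe | ID: 18
Variable: POST.answers.3 | Value: Precious: Based on the Novel \"Push\" Impact: 4 | Tags: xss, csrf, id, rfe Description: Detects JavaScript array properties and methods | Tags: xss, csrf, id, rfe | ID: 18
'''

HIT_RE = re.compile(
    r'^Variable:\s*(?P<var>\S+)\s*\|\s*Value:\s*(?P<value>.*?)\s*'
    r'Impact:\s*(?P<impact>\d+)\s*\|.*\|\s*ID:\s*(?P<rule>\d+)\s*$')

def parse_report(text):
    """Return one dict per 'Variable:' line of a report."""
    hits = []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hits.append({'var': m['var'], 'value': m['value'],
                         'impact': int(m['impact']), 'rule': int(m['rule'])})
    return hits

def total_impact(hits):
    """Sum the impact of every matched variable."""
    return sum(h['impact'] for h in hits)

def distinct_fields(hits):
    """Strip the REQUEST./POST. prefix: both name the same submitted field."""
    return {h['var'].split('.', 1)[1] for h in hits}

def decide(total, log_at=LOG_THRESHOLD, block_at=BLOCK_THRESHOLD):
    """Assumed comparison (>=); the thread does not show Dolphin's own check."""
    if total >= block_at:
        return 'block'
    if total >= log_at:
        return 'report'
    return 'allow'

if __name__ == '__main__':
    hits = parse_report(SAMPLE_REPORT)
    print(distinct_fields(hits), total_impact(hits), decide(total_impact(hits)))
```

On the sample, the single poll answer `answers.3` is scored twice (4 as REQUEST, 4 as POST), giving the total of 8 from the report, which sits below both thresholds.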
Thanks Zarcon I missed 44 and 45, that fixed the menu builder issue for me. |
Thank you guys, I will try this later.
Post Reply - if you going to help - No for - bla bla bla bla |
Schaweet. Glad to see this has been fixed from what we can tell. As I stated earlier, it sure would be nice if all the updated files and scripts were released to us in 1 package instead of having to do all these updates.
Hint Hint AlexT (make us a download package) and THANKS A BUNCH for your help on this.
Chris
Nothing to see here |
Zarcon, do I need to do the sql?
Since main sql file was changed in the last fix, you need to run the following sql script manually to apply changes to your database:
INSERT INTO `sys_options` VALUES('sys_security_impact_threshold_log', '9', 3, 'Total security impact threshold to send report', 'digit', '', '', 0, '');
INSERT INTO `sys_options` VALUES('sys_security_impact_threshold_block', '27', 3, 'Total security impact threshold to send report and block aggressor', 'digit', '', '', 0, '');
Post Reply - if you going to help - No for - bla bla bla bla |
Yes run those 2 scripts. This is what places the options in your Advanced Settings (see below instructions):
Two new security options were added in Administration -> Settings -> Advanced Settings -> Other. Now you can control when to just send mail about possible attack and when to stop aggressor. There is an impact number, if impact is high (> 25) then security risk is high too.
Nothing to see here |
I really don't get the first step about the sql
INSERT INTO `sys_options` VALUES('sys_security_impact_threshold_block', '27', 3, 'Total security impact threshold to send report and block aggressor', 'digit', '', '', 0, '');
Post Reply - if you going to help - No for - bla bla bla bla |