Possible ATTACK

OK, here's another one:

Possible attack, lol, I am going to go crazy here!

Stress and too much stress.

Step by step:

1- Went to language, created _Facebook Fan, and I put the language string for it as Facebook Fan.

2- Back to page builder, chose HOMEPAGE ----> Html Block -----> changed it to _Facebook Fan and I had Facebook Fan.

3- I put this script (Facebook Fan widget script) in the blank area for the HTML block:

<script type="text/javascript" src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_GB"></script><script type="text/javascript">FB.init("a707eb03c91f5dcaf6771d351177b05a");</script><fb:fan profile_id="191603651353" stream="" connections="10" width="300"></fb:fan><div style="font-size:8px; padding-left:10px"><a href="http://www.facebook.com/apps/application.php?id=191603651353">The Moroccan Community Project on Facebook</a> </div>

When I went back to the main home page to check it:

I found a huge ----> Possible attack!!! All data has been collected and sent to the site owner for analysis.

Please, I don't need any more help about this possible attack; what I need is just a clear statement from the Boonex developers to clarify why they didn't take my forum post about this subject seriously ...

You guys try it!

Eli

This is the result:

Total impact: 12
Affected tags: sqli, id, lfi

Variable: REQUEST.fbsetting_a707eb03c91f5dcaf6771d351177b05a | Value: {\&quot;connectState\&quot;:1,\&quot;oneLineStorySetting\&quot;:1,\&quot;shortStorySetting\&quot;:1,\&quot;inFacebook\&quot;:false}
Impact: 6 | Tags: sqli, id, lfi
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43

Variable: COOKIE.fbsetting_a707eb03c91f5dcaf6771d351177b05a | Value: {\&quot;connectState\&quot;:1,\&quot;oneLineStorySetting\&quot;:1,\&quot;shortStorySetting\&quot;:1,\&quot;inFacebook\&quot;:false}
Impact: 6 | Tags: sqli, id, lfi
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43
Centrifuge detection data  Threshold: 3.49  Ratio: 2.5

REMOTE_ADDR: xxxxxxxxxxx
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:

Proud Hosted by Zarconia.net
Quote · 13 Nov 2009
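An added example, not part of the original post and not Boonex code: a small Python triage helper that parses the report format shown above and groups findings by variable name and value, so an operator can see when a single cookie has been scored twice (once under COOKIE and once under REQUEST). The function and field names are hypothetical; the report lines are copied from the post.

```python
import re
from collections import defaultdict

# Report lines copied from the post above (HTML entities left as they appear there).
REPORT = r'''Total impact: 12
Variable: REQUEST.fbsetting_a707eb03c91f5dcaf6771d351177b05a | Value: {\&quot;connectState\&quot;:1,\&quot;oneLineStorySetting\&quot;:1,\&quot;shortStorySetting\&quot;:1,\&quot;inFacebook\&quot;:false}
Impact: 6 | Tags: sqli, id, lfi
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43
Variable: COOKIE.fbsetting_a707eb03c91f5dcaf6771d351177b05a | Value: {\&quot;connectState\&quot;:1,\&quot;oneLineStorySetting\&quot;:1,\&quot;shortStorySetting\&quot;:1,\&quot;inFacebook\&quot;:false}
Impact: 6 | Tags: sqli, id, lfi
Description: Detects classic SQL injection probings 2/2 | Tags: sqli, id, lfi | ID: 43
'''
VAR_RE = re.compile(r'^Variable:\s*(\w+)\.(\S+)\s*\|\s*Value:\s*(.*)$')
IMPACT_RE = re.compile(r'^Impact:\s*(\d+)')
RULE_RE = re.compile(r'\|\s*ID:\s*(\d+)\s*$')

def parse_findings(report):
    """Return one dict per 'Variable:' entry: scope, name, value, impact, rule ids."""
    findings = []
    for line in report.splitlines():
        line = line.strip()
        if m := VAR_RE.match(line):
            findings.append({"scope": m[1], "name": m[2], "value": m[3],
                             "impact": 0, "rules": []})
        elif findings and (m := IMPACT_RE.match(line)):
            findings[-1]["impact"] = int(m[1])
        elif findings and line.startswith("Description:") and (m := RULE_RE.search(line)):
            findings[-1]["rules"].append(int(m[1]))
    return findings

def triage(report):
    """Group findings by (name, value); the same value under COOKIE and REQUEST is one input."""
    groups = defaultdict(list)
    for f in parse_findings(report):
        groups[(f["name"], f["value"])].append(f)
    summary = []
    for (name, _value), items in groups.items():
        scopes = sorted({f["scope"] for f in items})
        summary.append({
            "name": name,
            "scopes": scopes,
            "reported_impact": sum(f["impact"] for f in items),   # as totalled in the report
            "distinct_impact": max(f["impact"] for f in items),   # one input, counted once
            "rules": sorted({r for f in items for r in f["rules"]}),
            "cookie_echo": "COOKIE" in scopes and "REQUEST" in scopes,
        })
    return summary

if __name__ == "__main__":
    print(triage(REPORT))
```

For the report in the post, the total impact of 12 is one `fbsetting_…` cookie value matched by rule 43 and scored under both scopes.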
 
 