Possible Attack!

I have no idea what the hell this is, but I know I tried to put back the content of About Us in the box in Language Settings, so maybe that caused this, but how do I repair it?

Thanks.

Total impact: 30
Affected tags: xss, csrf, sqli, id

Variable: REQUEST.string_for_1 | Value: <div class=\"faq_cont\">
<div class=\"faq_header\">Is Dolphin free?</div>
<div class=\"faq_snippet\">
Yes. Dolphin is free to use for as long as you wish, and contains small links or ads that are references to
Boonex. If you wish to remove these at any time, you may purchase a license for that.
</div>
</div>

<div class=\"faq_cont\">
<div class=\"faq_header\">Where can I get free Dolphin license?</div>
<div class=\"faq_snippet\">
Dolphin free licenses are available at <a href=\"http://www.boonex.com/unity/\">Unity</a>. Join Unity and go to the My Licenses? section of your account, where you may generate an unlimited number of Dolphin free licenses.
</div>
</div>

<div class=\"faq_cont\">
<div class=\"faq_header\">How can I edit the default Dolphin content?</div>
<div class=\"faq_snippet\">
The default Dolphin content can be edited in the language file:<br />
Admin Panel -> Settings -> Languages Settings -> Search for strings -> \"Look for\" here you should search <br />
for the corresponding language key and change its value.
</div>
</div>

<div class=\"faq_cont\">
<div class=\"faq_header\">Where can I download the latest Dolphin version?</div>
<div class=\"faq_snippet\">
You can learn more about the latest Dolphin version, its improvements, newly implemented features and a download link on the BoonEx main <a href=\"http://www.boonex.com/products/dolphin/download/\">website</a>.
</div>
</div>

<div class=\"faq_cont\">
<div class=\"faq_header\">How can I test the latest version?</div>
<div class=\"faq_snippet\">
You are welcome to test the latest Dolphin version on our live site - <a href=\"http://www.boonex.us/\">BoonEx.us</a>
</div>
</div>

<div class=\"faq_cont\">
<div class=\"faq_header\">Where can I get support services?</div>
<div class=\"faq_snippet\">
You are welcome to join <a href=\"http://www.boonex.com/unity/\">Unity</a> - the Community of Communities where webmasters and web developers help each other.
</div>
</div>

<div class=\"faq_cont\">
<div class=\"faq_header\">Where can I find/order modifications, templates and other plug-ins for my Community website powered by Dolphin?</div>
<div class=\"faq_snippet\">
All miscellaneous products for Dolphin, and other BoonEx products, are offered at <a href=\"http://www.boonex.com/unity/\">Unity</a>.
</div>
</div>

<div class=\"faq_cont\">
<div class=\"faq_header\">What if I have some development skills and can develop modifications or other things for Dolphin?</div>
<div class=\"faq_snippet\">
Join <a href=\"http://www.boonex.com/unity/\">Unity</a>, where you can register as an expert and offer your products and support services.
</div>
</div>

<div class=\"faq_cont\">
<div class=\"faq_header\">What if have some good ideas for future Dolphin versions?</div>
<div class=\"faq_snippet\">
You are welcome to discuss your ideas at <a href=\"http://www.boonex.com/unity/\">Unity</a> or <a href=\"http://www.boonex.com/trac\">TRAC</a> system to contribute to the Dolphin development process.
</div>
</div>
Impact: 15 | Tags: xss, csrf, sqli, id
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: Detects JavaScript with(), ternary operators and XML predicate attacks | Tags: xss, csrf | ID: 7
Description: Detects chained SQL injection attempts 1/2 | Tags: sqli, id | ID: 48

Variable: POST.string_for_1 | Value: <div class=\"faq_cont\">
<div class=\"faq_header\">Is Dolphin free?</div>
<div class=\"faq_snippet\">
Yes. Dolphin is free to use for as long as you wish, and contains small links or ads that are references to
Boonex. If you wish to remove these at any time, you may purchase a license for that.
</div>
</div>

<div class=\"faq_cont\">
<div class=\"faq_header\">Where can I get free Dolphin license?</div>
<div class=\"faq_snippet\">
Dolphin free licenses are available at <a href=\"http://www.boonex.com/unity/\">Unity</a>. Join Unity and go to the My Licenses? section of your account, where you may generate an unlimited number of Dolphin free licenses.
</div>
</div>

<div class=\"faq_cont\">
<div class=\"faq_header\">How can I edit the default Dolphin content?</div>
<div class=\"faq_snippet\">
The default Dolphin content can be edited in the language file:<br />
Admin Panel -> Settings -> Languages Settings -> Search for strings -> \"Look for\" here you should search <br />
for the corresponding language key and change its value.
</div>
</div>

<div class=\"faq_cont\">
<div class=\"faq_header\">Where can I download the latest Dolphin version?</div>
<div class=\"faq_snippet\">
You can learn more about the latest Dolphin version, its improvements, newly implemented features and a download link on the BoonEx main <a href=\"http://www.boonex.com/products/dolphin/download/\">website</a>.
</div>
</div>

<div class=\"faq_cont\">
<div class=\"faq_header\">How can I test the latest version?</div>
<div class=\"faq_snippet\">
You are welcome to test the latest Dolphin version on our live site - <a href=\"http://www.boonex.us/\">BoonEx.us</a>
</div>
</div>

<div class=\"faq_cont\">
<div class=\"faq_header\">Where can I get support services?</div>
<div class=\"faq_snippet\">
You are welcome to join <a href=\"http://www.boonex.com/unity/\">Unity</a> - the Community of Communities where webmasters and web developers help each other.
</div>
</div>

<div class=\"faq_cont\">
<div class=\"faq_header\">Where can I find/order modifications, templates and other plug-ins for my Community website powered by Dolphin?</div>
<div class=\"faq_snippet\">
All miscellaneous products for Dolphin, and other BoonEx products, are offered at <a href=\"http://www.boonex.com/unity/\">Unity</a>.
</div>
</div>

<div class=\"faq_cont\">
<div class=\"faq_header\">What if I have some development skills and can develop modifications or other things for Dolphin?</div>
<div class=\"faq_snippet\">
Join <a href=\"http://www.boonex.com/unity/\">Unity</a>, where you can register as an expert and offer your products and support services.
</div>
</div>

<div class=\"faq_cont\">
<div class=\"faq_header\">What if have some good ideas for future Dolphin versions?</div>
<div class=\"faq_snippet\">
You are welcome to discuss your ideas at <a href=\"http://www.boonex.com/unity/\">Unity</a> or <a href=\"http://www.boonex.com/trac\">TRAC</a> system to contribute to the Dolphin development process.
</div>
</div>
Impact: 15 | Tags: xss, csrf, sqli, id
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: Detects JavaScript with(), ternary operators and XML predicate attacks | Tags: xss, csrf | ID: 7
Description: Detects chained SQL injection attempts 1/2 | Tags: sqli, id | ID: 48

Proud Hosted by Zarconia.net
Quote · 29 Oct 2009

I get this also when trying to access html in the mce editor

Quote · 29 Oct 2009

Please refer to

http://www.boonex.com/unity/blog/entry/Dolphin_7_Hookie_Beta_8_Online_Demo_updated

Quote · 30 Oct 2009

YAHHHOOOOOOOO!!! I found a cure for this BUG!!!

goto: /DOLPHIN DIRECTORY/inc/security.inc.php

Replace the whole content of the file with this.

<?php

// PHPIDS is only wired in on PHP 5.1.6 or newer.
if (version_compare(phpversion(), '5.1.6', '>=')) {

    set_include_path(
        get_include_path()
        . PATH_SEPARATOR
        . BX_DIRECTORY_PATH_PLUGINS . 'phpids/'
    );

    require_once 'IDS/Init.php';

    // Everything PHPIDS inspects for this request.
    $request = array(
        'REQUEST'  => $_REQUEST,
        'GET'      => $_GET,
        'POST'     => $_POST,
        'COOKIE'   => $_COOKIE,
        'PHP_SELF' => $_SERVER['PHP_SELF'],
    );

    $init = IDS_Init::init(BX_DIRECTORY_PATH_PLUGINS . 'phpids/IDS/Config/Config.ini');
    $init->config['General']['base_path']     = BX_DIRECTORY_PATH_PLUGINS . 'phpids/IDS/';
    $init->config['General']['use_base_path'] = true;
    $init->config['General']['tmp_path']      = '../../../tmp/';
    $init->config['Caching']['path']          = '../../../tmp/default_filter.cache';

    // Fields listed in General.html are passed through HTML Purifier first,
    // so legitimate HTML in those fields is not scanned as an attack.
    $init->config['General']['html'] = bx_sys_security_get_html_fileds();

    $init->config['General']['HTML_Purifier_Path']  = BX_DIRECTORY_PATH_PLUGINS . 'htmlpurifier/HTMLPurifier.standalone.php';
    $init->config['General']['HTML_Purifier_Cache'] = '../../htmlpurifier/standalone/HTMLPurifier/DefinitionCache/Serializer/';

    $ids    = new IDS_Monitor($request, $init);
    $result = $ids->run();
}

/*
 * The original handler is commented out: $result is still computed above but
 * never acted on, which is what removes the "Possible attack!!!" page and the
 * report e-mail. Nothing below runs.
 *
    if (!$result->isEmpty()) {
        require_once( BX_DIRECTORY_PATH_CLASSES . "BxDolService.php" );
        require_once( BX_DIRECTORY_PATH_INC . 'design.inc.php' );
        require_once( BX_DIRECTORY_PATH_INC . 'db.inc.php' );
        require_once( BX_DIRECTORY_PATH_INC . 'utils.inc.php' );
        $s = (string)$result;
        $s .= "\nREMOTE_ADDR: " . $_SERVER['REMOTE_ADDR'];
        $s .= "\nHTTP_X_FORWARDED_FOR: " . $_SERVER['HTTP_X_FORWARDED_FOR'];
        $s .= "\nHTTP_CLIENT_IP: " . $_SERVER['HTTP_CLIENT_IP'];
        sendMail($GLOBALS['site']['bugReportMail'], $GLOBALS['site']['url'] . ' -  possible attack!', $s, 0, array(), 'text');
        echo 'Possible attack!!! All data has been collected and sent to the site owner for analysis.';
        exit;
    }
} else {
    echo 'Site security module is disabled, please upgrade to php 5.1.6 or higher to make your site secure.';
}
*/

// Returns the list of request fields that are allowed to contain HTML
// (the sys_html_fields option), read from the file cache or the database.
function bx_sys_security_get_html_fileds() {
    $sCacheFile = BX_DIRECTORY_PATH_CACHE . 'db_sys_html_fields.php';
    if (!file_exists($sCacheFile)) {
        require_once( BX_DIRECTORY_PATH_INC . 'db.inc.php' );
        $mixedVar = $GLOBALS['MySQL']->fromCache('sys_html_fields', 'getOne', "SELECT `VALUE` FROM `sys_options` WHERE `Name` = 'sys_html_fields' LIMIT 1");
    } else {
        include $sCacheFile;
    }
    $mixedVar = unserialize($mixedVar);
    if (!$mixedVar || !is_array($mixedVar))
        return array();
    // Flatten the per-module lists into one list of field names.
    $a = array();
    foreach ($mixedVar as $r)
        $a = array_merge($a, $r);
    return $a;
}

?>

Quote · 12 Nov 2009
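To make the report and the file above concrete, here is an added Python model (not PHPIDS or Dolphin code) of the mechanism security.inc.php configures: a variable named in the General.html list is purified first and only the part the purifier rejected is scanned, so clean admin markup in a listed field scores 0 while an injected tag in the same field still scores. The rule ids and impacts (4 + 5 + 6 = 15, two variables = 30) are taken from the report; the regexes, the purifier allowlist and the purify-then-diff routing are constructed approximations of what PHPIDS does, not its real filters.

```python
import re
from difflib import SequenceMatcher

# Constructed rules: same ids and impacts as the three hits in the report
# (4 + 5 + 6 = 15), but the regexes are simplified stand-ins, not PHPIDS's own.
RULES = {
    1: (4, re.compile(r"<[^>]*>")),                # html-breaking markup
    7: (5, re.compile(r"\?\W|\bwith\s*\(")),       # '?' / with() style patterns
    48: (6, re.compile(r"-\s*>|;\s*\w+\s*\(")),    # chained '->' / ';' style patterns
}
ALLOWED_TAGS = ("div", "a", "br")  # assumed purifier allowlist for the FAQ markup

def purify(html: str) -> str:
    """Toy stand-in for HTML Purifier: drop scripts, unlisted tags and on* handlers."""
    html = re.sub(r"<script\b.*?</script>", "", html, flags=re.S | re.I)
    html = re.sub(r"</?(?!(?:%s)\b)\w+[^>]*>" % "|".join(ALLOWED_TAGS), "", html, flags=re.I)
    return re.sub(r"\s+on\w+\s*=\s*(?:\"[^\"]*\"|'[^']*'|\S+)", "", html, flags=re.I)

def removed_by_purifier(original: str) -> str:
    """For a General.html field only what the purifier rejected gets scanned (assumed)."""
    clean = purify(original)
    sm = SequenceMatcher(None, original, clean, autojunk=False)
    return "".join(original[i:j] for op, i, j, _, _ in sm.get_opcodes() if op != "equal")

def scan_value(value: str) -> tuple[int, list[int]]:
    """Impact score and matching rule ids for one already-prepared value."""
    hits = [rid for rid, (_, rx) in RULES.items() if rx.search(value)]
    return sum(RULES[rid][0] for rid in hits), hits

def monitor(request: dict, html_fields: set) -> int:
    """Total impact over all variables, routing listed fields through purify-then-diff."""
    total = 0
    for name, value in request.items():
        target = removed_by_purifier(value) if name in html_fields else value
        total += scan_value(target)[0]
    return total

# Constructed sample: a trimmed copy of the language string quoted in the report.
FAQ_HTML = ('<div class="faq_cont"><div class="faq_header">Is Dolphin free?</div>'
            '<div class="faq_snippet">Admin Panel -> Settings -> Languages Settings. '
            'See <a href="http://www.boonex.com/unity/">Unity</a>.</div></div>')
INJECTED = FAQ_HTML + '<img src="x" onerror="alert(1)">'

if __name__ == "__main__":
    print(monitor({"REQUEST.string_for_1": FAQ_HTML}, set()))                      # 15
    print(monitor({"REQUEST.string_for_1": FAQ_HTML}, {"REQUEST.string_for_1"}))   # 0
    print(monitor({"REQUEST.string_for_1": INJECTED}, {"REQUEST.string_for_1"}))   # 4
```

The defender's takeaway is the middle case: listing the language-string field as an HTML field keeps the scanner active for that field, whereas the commented-out handler above switches off the response for every field.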

Yahooo I have made a fix for this bug! It works for me... I hope it works for you as well.

Download this file and replace it with: /DOLPHIN DIRECTORY/inc/security.inc.php

http://www.mediafire.com/?hciyinnjn20

Quote · 12 Nov 2009

Guy you have an old version of security.inc.php

This is the last:

http://www.boonex.com/trac/dolphin/browser/trunk/inc/security.inc.php

Have you applied the changesets after the beta 8 release? There are some that fix the "Possible Attack" error!

Quote · 12 Nov 2009

I have applied all updates from http://www.boonex.com/trac/dolphin/browser/trunk/ but I still receive this message every minute.

Quote · 13 Nov 2009