Possible attack again

While trying to insert HTML back into _about_us or any footer I got a "possible attack". Yesterday I had to start my site from new because of this, now again the same thing. So funny getting a possible attack by the company who created the software, lol. Anyway, I wish the last release will be clean and just simple, yes, simple, no complication. Why not just have such an easy option to modify the footer instead of going through a lot of sweating...

Peace and Bread

Eli.

Variable: REQUEST.string_for_1 | Value: <div class=\"about_us_cont\">
<div class=\"about_us_snippet\">

<a href=\"http://www.boonex.com/products/dolphin/\">Dolphin Smart Community Builder</a> was developed by <a href=\"http://www.boonex.com/\">BoonEx Community Software Experts</a>.<br><br>
<a href=\"http://www.boonex.com/products/dolphin/\">Dolphin</a> Smart Community Builder is based on aeDating, the most popular dating software on the internet. Since the first Dolphin version was released on May 2006, it has been modernized, supplemented, improved considerably and become an even more popular Community software than the aeDating script was.<br>
In conformity with the <a href=\"http://www.boonex.com/mission/\">\"Unite People\"</a> mission, BoonEx strongly believes that Community software should be offered free of charge, since the Community unites people of different cultures, nationalities and races.<br><br>

BoonEx carries out its mission through Dolphin by improving it constantly and releasing at least 4 versions every six months. Thus Dolphin offers you advanced <a href=\"http://www.boonex.com/products/dolphin/features/\">features</a> which Internet users love very much: groups, photo gallery, blog, members articles and much more. Dolphin is also integrated with <a href=\"http://www.boonex.com/products/orca/\">Orca Interactive Forum Script</a> and all the <a href=\"http://www.boonex.com/products/ray/\">Ray Widgets</a>, such as: <a href=\"http://www.boonex.com/products/ray/widgets/im/\">Instant Messenger</a>, <a href=\"http://www.boonex.com/products/ray/widgets/chat/\">Chat</a>, <a href=\"http://www.boonex.com/products/ray/widgets/presence/\">Web Presence</a>, <a href=\"http://www.boonex.com/products/ray/widgets/whiteboard/\">Whiteboard</a>, <a href=\"http://www.boonex.com/products/ray/widgets/mp3/\">Music Player</a>, <a href=\"http://www.boonex.com/products/ray/widgets/recorder/\">Video Recorder</a>, Video Player.<br><br>

Dolphin, as well as other BoonEx products, is supported by the <a href=\"http://www.boonex.com/unity/\">Unity - the Community of Communities</a> system. At Unity you may get a high quality services and plugins to expand you site functionality. Unity is a moderated system so each product is tested by Unity moderators, pundits and administrators.

In aspiring to achieve perfection <a href=\"http://www.boonex.com/unity/\">BoonEx Unity</a> system has a special Web Blog where General director Andrey Sivtsov discusses themes concerning the future versions of all BoonEx products with everyone interested.
All interested persons are welcome to bring their contribution to Dolphin development.

</div>
</div>
Impact: 4 | Tags: xss, csrf
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1

Variable: POST.string_for_1 | Value: <div class=\"about_us_cont\">
<div class=\"about_us_snippet\">

<a href=\"http://www.boonex.com/products/dolphin/\">Dolphin Smart Community Builder</a> was developed by <a href=\"http://www.boonex.com/\">BoonEx Community Software Experts</a>.<br><br>
<a href=\"http://www.boonex.com/products/dolphin/\">Dolphin</a> Smart Community Builder is based on aeDating, the most popular dating software on the internet. Since the first Dolphin version was released on May 2006, it has been modernized, supplemented, improved considerably and become an even more popular Community software than the aeDating script was.<br>
In conformity with the <a href=\"http://www.boonex.com/mission/\">\"Unite People\"</a> mission, BoonEx strongly believes that Community software should be offered free of charge, since the Community unites people of different cultures, nationalities and races.<br><br>

BoonEx carries out its mission through Dolphin by improving it constantly and releasing at least 4 versions every six months. Thus Dolphin offers you advanced <a href=\"http://www.boonex.com/products/dolphin/features/\">features</a> which Internet users love very much: groups, photo gallery, blog, members articles and much more. Dolphin is also integrated with <a href=\"http://www.boonex.com/products/orca/\">Orca Interactive Forum Script</a> and all the <a href=\"http://www.boonex.com/products/ray/\">Ray Widgets</a>, such as: <a href=\"http://www.boonex.com/products/ray/widgets/im/\">Instant Messenger</a>, <a href=\"http://www.boonex.com/products/ray/widgets/chat/\">Chat</a>, <a href=\"http://www.boonex.com/products/ray/widgets/presence/\">Web Presence</a>, <a href=\"http://www.boonex.com/products/ray/widgets/whiteboard/\">Whiteboard</a>, <a href=\"http://www.boonex.com/products/ray/widgets/mp3/\">Music Player</a>, <a href=\"http://www.boonex.com/products/ray/widgets/recorder/\">Video Recorder</a>, Video Player.<br><br>

Dolphin, as well as other BoonEx products, is supported by the <a href=\"http://www.boonex.com/unity/\">Unity - the Community of Communities</a> system. At Unity you may get a high quality services and plugins to expand you site functionality. Unity is a moderated system so each product is tested by Unity moderators, pundits and administrators.

In aspiring to achieve perfection <a href=\"http://www.boonex.com/unity/\">BoonEx Unity</a> system has a special Web Blog where General director Andrey Sivtsov discusses themes concerning the future versions of all BoonEx products with everyone interested.
All interested persons are welcome to bring their contribution to Dolphin development.

</div>
</div>
Impact: 4 | Tags: xss, csrf
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1

Proud Hosted by Zarconia.net
29 Oct 2009
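The report quoted above is a PHPIDS-style alert: filter ID 1 matched the admin's own about_us HTML and added its impact of 4. The added example below (not Dolphin's or PHPIDS's code) models that check in Python with a constructed, simplified rule and shows the defender-side fix a practitioner would look for in a patched security.inc.php: a per-parameter exemption for the authenticated admin field `string_for_1`, in the spirit of PHPIDS's General.exceptions setting, rather than switching the IDS off. The regex is an assumption shaped after the rule description, not the real filter.

```python
import re
from dataclasses import dataclass

# Constructed, simplified stand-in for a PHPIDS-style rule set. The regex is an
# assumption modelled on the report's description ("finds html breaking
# injections including whitespace attacks"); it is NOT PHPIDS's real filter 1.
@dataclass(frozen=True)
class Rule:
    rule_id: int
    description: str
    impact: int
    tags: tuple
    pattern: re.Pattern

RULES = [
    Rule(1, "finds html breaking injections including whitespace attacks", 4,
         ("xss", "csrf"),
         # a '>' closing a tag right after a quoted attribute, a '/>' preceded
         # by punctuation or whitespace, or '>"': shapes that break out of markup
         re.compile(r'"[^"]*[^-]?>|[^\w\s]\s*/>|>"')),
]

# Per-parameter exemptions, like PHPIDS's General.exceptions: names of fields
# whose value is deliberately raw HTML written by an authenticated admin.
# Assumption: only admin-only fields are listed here, and the admin form is
# protected by authentication and a CSRF token, which is what the IDS is no
# longer covering for this one field.
ADMIN_HTML_EXCEPTIONS = {"string_for_1"}

# Constructed sample, shortened from the about_us snippet quoted in the post.
ABOUT_US_HTML = (
    '<div class="about_us_cont">\n<div class="about_us_snippet">\n'
    '<a href="http://www.boonex.com/products/dolphin/">Dolphin</a> was developed '
    'by <a href="http://www.boonex.com/">BoonEx</a>.<br><br>\n</div>\n</div>'
)

def scan(params, exceptions=ADMIN_HTML_EXCEPTIONS):
    """Return {param: {"impact": int, "rule_ids": [...]}} for flagged params."""
    report = {}
    for name, value in params.items():
        if name in exceptions:
            continue  # trusted admin field: skip the IDS for this name only
        hits = [r for r in RULES if r.pattern.search(value)]
        if hits:
            report[name] = {"impact": sum(r.impact for r in hits),
                            "rule_ids": [r.rule_id for r in hits]}
    return report
```

With the exemption the admin's HTML passes, while the same markup arriving in any other parameter (for example a public search field) is still reported with impact 4.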

Yahooo, I have made a fix for this bug! It works for me... I hope it works for you as well.

Download this file and replace /DOLPHIN DIRECTORY/inc/security.inc.php with it:

http://www.mediafire.com/?hciyinnjn20

12 Nov 2009