Possible attack when trying to edit profile

Boonex, it is cool to have the RC but I can't even use it. I tried editing the admin profile but when clicking save I get:

Possible attack!!! All data has been collected and sent to the site owner for analysis.

It means no profile can be edited. Data is not saved either.

I have not tried signing up a new user but I guess I will have the same error.

I hope this is fixed fast.

ANYONE HAVE A SOLUTION FOR THIS?

Bugs email output

Total impact: 8
Affected tags: xss, csrf, id, rfe

Variable: REQUEST.DescriptionMe.0 | Value: <p>Welcome to D-Live Entertainment.
I hope you will have a good time here and find some good contacts for your music
projects/ideas. This site is for everyone who loves music. </p>
<p>If you have any questions, do not hesitate to send me or other staff
members a message.</p>
<p>Show us what you got. Let\'s hear your music. Get noticed.</p>
Impact: 4 | Tags: xss, csrf, id, rfe
Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID: 20

Variable: POST.DescriptionMe.0 | Value: <p>Welcome to D-Live Entertainment. I
hope you will have a good time here and find some good contacts for your music
projects/ideas. This site is for everyone who loves music. </p>
<p>If you have any questions, do not hesitate to send me or other staff
members a message.</p>
<p>Show us what you got. Let\'s hear your music. Get noticed.</p>
Impact: 4 | Tags: xss, csrf, id, rfe
Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID: 20

REMOTE_ADDR: 87.210.208.143
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:

Total impact: 16
Affected tags: xss, csrf, id, rfe

Variable: REQUEST.DescriptionMe.0 | Value: <p><span
class=\"Apple-style-span\" style=\"border-collapse: separate; color:
#000000; font-family: \'Times New Roman\'; font-size: medium; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing: normal; line-height:
normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal;
widows: 2; word-spacing: 0px;\">
<div style=\"margin: 8px; color: #000000; font-family:
Verdana,Arial,Helvetica,sans-serif; font-size: 10px; background-color:
#ffffff;\">
<p>Welcome to D-Live Entertainment. I hope you will have a good time here and
find some good contacts for your music projects/ideas. This site is for everyone who
loves music. </p>
<p>If you have any questions, do not hesitate to send me or other staff
members a message.</p>
<p>Show us what you got. Let\'s hear your music. Get noticed.</p>
<p>Enjoy</p>
</div>
</span></p>
Impact: 8 | Tags: xss, csrf, id, rfe
Description: finds html breaking injections including whitespace attacks | Tags:
xss, csrf | ID: 1
Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID: 20

Variable: POST.DescriptionMe.0 | Value: <p><span
class=\"Apple-style-span\" style=\"border-collapse: separate; color:
#000000; font-family: \'Times New Roman\'; font-size: medium; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing: normal; line-height:
normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal;
widows: 2; word-spacing: 0px;\">
<div style=\"margin: 8px; color: #000000; font-family:
Verdana,Arial,Helvetica,sans-serif; font-size: 10px; background-color:
#ffffff;\">
<p>Welcome to D-Live Entertainment. I hope you will have a good time here and
find some good contacts for your music projects/ideas. This site is for everyone who
loves music. </p>
<p>If you have any questions, do not hesitate to send me or other staff
members a message.</p>
<p>Show us what you got. Let\'s hear your music. Get noticed.</p>
<p>Enjoy</p>
</div>
</span></p>
Impact: 8 | Tags: xss, csrf, id, rfe
Description: finds html breaking injections including whitespace attacks | Tags:
xss, csrf | ID: 1
Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID: 20

REMOTE_ADDR: 87.210.208.143
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
Quote · 13 Nov 2009

I didn't even have my wine yet lol, spent most of the time looking for bugs, I had possible attack too, we are waiting for the fix ...

Peace and Bread.

Eli

Proud Hosted by Zarconia.net
Quote · 13 Nov 2009

I didn't even have my wine yet lol, spent most of the time looking for bugs, I had possible attack too, we are waiting for the fix ...

Peace and Bread.

Eli

Lol, I had just installed it thinking I was going to launch it but too bad. It seems I'll have to hold on a little longer. Well time to go do something else now.

Quote · 13 Nov 2009

Well, I checked profile edit on boonex's demo site and there is no possible attack there so that's strange.

Quote · 13 Nov 2009

Boonex experts, they do some magic in their web site to keep it working, am not sure what ingredients they use!

Proud Hosted by Zarconia.net
Quote · 13 Nov 2009

With fresh D7RC install, trying to make navi buttons invisible, the popup window hangs from time to time using Firefox on, and for that or maybe another reason I then get tons of possible attack emails like the following one:

Total impact: 10
Affected tags: dt, id, lfi

Variable: REQUEST.Link | Value: modules/?r=board/home/|modules/?r=board/|modules/?r=photos/browse/category/Board|m/photos/browse/category/Board
Impact: 5 | Tags: dt, id, lfi
Description: Detects specific directory and path traversal | Tags: dt, id, lfi | ID: 11

Variable: POST.Link | Value: modules/?r=board/home/|modules/?r=board/|modules/?r=photos/browse/category/Board|m/photos/browse/category/Board
Impact: 5 | Tags: dt, id, lfi
Description: Detects specific directory and path traversal | Tags: dt, id, lfi | ID: 11

REMOTE_ADDR: 83.44.140.49
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
Quote · 13 Nov 2009
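Each report quoted above lists the same form field twice, once as REQUEST.* and once as POST.*, and the total is the sum of both copies (4+4, 8+8, 5+5). The following sketch, added here as an illustration and not part of the thread or of Dolphin's code, parses that report layout and scores each submitted field once; the sample report is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the reports quoted in the thread (value shortened).
SAMPLE_REPORT = """\
Total impact: 8

Variable: REQUEST.DescriptionMe.0 | Value: <p>Welcome.</p>
<p>Show us what you got.</p>
Impact: 4 | Tags: xss, csrf, id, rfe
Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID: 20

Variable: POST.DescriptionMe.0 | Value: <p>Welcome.</p>
<p>Show us what you got.</p>
Impact: 4 | Tags: xss, csrf, id, rfe
Description: Detects JavaScript language constructs | Tags: xss, csrf, id, rfe | ID: 20
"""

VAR_RE = re.compile(r"^Variable: (\w+)\.(\S+) \| Value: (.*)$")
RULE_RE = re.compile(r"\| ID: (\d+)\s*$")

def parse_report(text):
    """Return (reported_total, events), one event per 'Variable:' block."""
    total, events, cur, in_value = None, [], None, False
    for line in text.splitlines():
        if line.startswith("Total impact:"):
            total = int(line.split(":")[1])
        elif m := VAR_RE.match(line):
            cur = {"source": m[1], "field": m[2], "value": m[3], "impact": 0, "rules": []}
            events.append(cur)
            in_value = True
        elif cur and line.startswith("Impact:"):
            cur["impact"] = int(line.split("|")[0].split(":")[1])
            in_value = False
        elif cur and in_value:
            cur["value"] += "\n" + line  # value wrapped over several lines
        elif cur and (m := RULE_RE.search(line)):
            cur["rules"].append(int(m[1]))  # also matches a wrapped Description tail
    return total, events

def effective_impact(events):
    """Score each submitted field once, even when REQUEST and POST both carry it."""
    best = {}
    for e in events:
        key = (e["field"], e["value"])
        best[key] = max(best.get(key, 0), e["impact"])
    return sum(best.values())

total, events = parse_report(SAMPLE_REPORT)
print("reported:", total, "per submitted field:", effective_impact(events))
```

When triaging a batch of these e-mails, the per-field figure and the rule IDs show which rule fired on which form field, which is what a rule exception or threshold change needs to be based on.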

Strange. My possible attack error is gone. It works fine for me now.

Quote · 14 Nov 2009

Have you ever tried to add a Facebook fan widget script to your HTML block and got possible attack?

Proud Hosted by Zarconia.net
Quote · 14 Nov 2009

Have you ever tried to add a Facebook fan widget script to your HTML block and got possible attack?

I have not tried that yet

Quote · 15 Nov 2009

Have you ever tried to add a Facebook fan widget script to your HTML block and got possible attack?

I did and got a possible attack. Had a real fun time trying to get that HTML block off there where I could view the page again.

Nothing to see here
Quote · 15 Nov 2009

Have you ever tried to add a Facebook fan widget script to your HTML block and got possible attack?

I did and got a possible attack. Had a real fun time trying to get that HTML block off there where I could view the page again.

You see man how annoying it is, it does even block you to not get back to your site! Sometimes it could even change your password automatically. Now I stopped trying it lol, I will wait until they fix it.

If you had any problem like that next time just replace the BXDOLEMAILTEMPLATE.PHP from INi-->classes with a new one

Peace and Bread.

Eli

Proud Hosted by Zarconia.net
Quote · 15 Nov 2009

I also have the same problem with trying to edit email templates. After you hit save you get the possible attack message.

Quote · 15 Nov 2009

I also have the same problem with trying to edit email templates. After you hit save you get the possible attack message.

Same here. It's getting annoying.

Quote · 15 Nov 2009

It's pathetic, the same attack comes when you make custom profile fields too.

Quote · 15 Nov 2009

Ticket added (generic): http://www.boonex.com/trac/dolphin/ticket/1467

Life is a fatal disease, sexually transmissible - Virginity is carcinogenic! Ask here for vaccine.
Quote · 15 Nov 2009

These problems have been fixed in 13237 and 13238 revisions.

Rules → http://www.boonex.com/terms
Quote · 16 Nov 2009

I got the "possible attack" notice after adding a custom html text area to the Edit Profile. This bug does not affect all profiles, it seems. As a work-around, I changed all my custom html text areas to plain text areas. But I still have another issue with the edit profile page...

The "Save" button on the edit profile page becomes non-responsive when text is added to any of my custom text areas. This does not affect all profiles, though. I suppose it would be easier to solve if it affected everyone's profile uniformly...

Quote · 23 Nov 2009
 
 