http://mysite.com/ - security attack was stopped!
Total impact: 62 Affected tags: xss, csrf, id, rfe, lfi
Variable: REQUEST.DescriptionMe.0 | Value: <p style=\"text-align: left;\">I guess just looking to meet some new people.&nbsp;<img title=\"Laughing\" src=\"http://plugins/tiny_mce/plugins/emotions/img/smiley-laughing.gifhttp://mysite.com/\" border=\"0\" alt=\"Laughing\" /> Into riding quads, active drummer for 5 years, metal and D\'n\'B and PARTIES! Oh, and my in-game toons name is Hydra Silvershot..yeahh..pm me in-game sometime to chat it up or play!</p>
Impact: 31 | Tags: xss, csrf, id, rfe, lfi
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2
Description: finds malicious attribute injection attempts | Tags: xss, csrf | ID: 69
Description: Detects JavaScript location/document property access and window access obfuscation | Tags: xss, csrf | ID: 23
Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33
Description: Detects possibly malicious html elements including some attributes | Tags: xss, csrf, id, rfe, lfi | ID: 38
Description: finds attribute breaking injections including obfuscated attributes | Tags: xss, csrf | ID: 68
Variable: POST.DescriptionMe.0 | Value: <p style=\"text-align: left;\">I guess just looking to meet some new people.&nbsp;<img title=\"Laughing\" src=\"http://plugins/tiny_mce/plugins/emotions/img/smiley-laughing.gifhttp://mysite.com/\" border=\"0\" alt=\"Laughing\" /> Into riding quads, active drummer for 5 years, metal and D\'n\'B and PARTIES! Oh, and my in-game toons name is Hydra Silvershot..yeahh..pm me in-game sometime to chat it up or play!</p>
Impact: 31 | Tags: xss, csrf, id, rfe, lfi
Description: finds html breaking injections including whitespace attacks | Tags: xss, csrf | ID: 1
Description: finds attribute breaking injections including whitespace attacks | Tags: xss, csrf | ID: 2
Description: finds malicious attribute injection attempts | Tags: xss, csrf | ID: 69
Description: Detects JavaScript location/document property access and window access obfuscation | Tags: xss, csrf | ID: 23
Description: Detects obfuscated script tags and XML wrapped HTML | Tags: xss | ID: 33
Description: Detects possibly malicious html elements including some attributes | Tags: xss, csrf, id, rfe, lfi | ID: 38
Description: finds attribute breaking injections including obfuscated attributes | Tags: xss, csrf | ID: 68
REMOTE_ADDR: ##.###.##.##
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
SCRIPT_FILENAME: /home/mysite/public_html/d7/join.php
QUERY_STRING:
REQUEST_URI: /join.php
QUERY_STRING:
SCRIPT_NAME: /join.php
PHP_SELF: /join.php
I'm getting this error message in my email and I am assuming that it has something to do with the fact that the user put a smiley in the description message in his profile. I just did the upgrade from RC to RC2 and everything seemed to be OK except for a cron error and this one. Not really sure what I should do about this, and I am hoping I don't have to mess with my user's post in his profile and that there is an easier fix.
|
This is strange. A smiley is nothing more than an img tag. As far as I know, no hacker has ever taken down a site with the img tag.
This does make me wonder if PHPIDS is configured as a pre-filter or post-filter. Just to be clear, pre-filter would mean that ONLY the text/code entered by the user is considered by PHPIDS. Post-filter would mean that PHPIDS scrutiny is applied AFTER the text/code entered by the user is formatted by the Dolphin script for storage in the DB.
I don't know much about PHPIDS, but if it is configured to make a security assessment AFTER user-supplied text/code is formatted by the script for DB storage, that is NOT the right thing to do, and will never render a correct assessment. |
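Added example, not code from PHPIDS, Dolphin or any poster in this thread, written in Python rather than PHP so it runs stand-alone. The IDS rules in it are simplified stand-ins for generic markup-detection rules, not PHPIDS's real rule set, and the benign and malicious inputs are constructed samples (the benign one is the smiley markup from the report above with the backslash escaping removed and the text trimmed). The point it demonstrates is that the pre-filter versus post-filter question is secondary: a pattern-based check scores the benign smiley and a real injection the same, because both are "HTML in a field". For a field that is meant to carry TinyMCE output, the usable signal is what a structural allow-list sanitizer has to remove, not the mere presence of tags.

```python
"""Allow-list sanitizing of a rich-text profile field versus pattern-based IDS
scoring. Added example; not PHPIDS or Dolphin code. The IDS rules below are
simplified stand-ins, not PHPIDS's real rule set."""
import html
import re
from html.parser import HTMLParser

# Constructed sample: the benign smiley markup from the report above
# (backslash escaping removed, text trimmed).
BENIGN = (
    '<p style="text-align: left;">I guess just looking to meet some new people.&nbsp;'
    '<img title="Laughing" src="http://plugins/tiny_mce/plugins/emotions/img/'
    'smiley-laughing.gif" border="0" alt="Laughing" /> Into riding quads.</p>'
)
# Constructed sample: an actual injection attempt in the same field.
MALICIOUS = ('<p>hi<img src="x" onerror="alert(document.cookie)" />'
             '<a href="javascript:alert(1)">x</a></p>')

# Simplified stand-ins for generic markup-detection rules (one point each).
# They fire on the presence of markup, not on its intent, which is why a field
# that legitimately carries HTML scores the same as an attack.
IDS_RULES = [
    (1, r"<\s*[a-z]", "html breaking injection"),
    (2, r"[a-z]+\s*=\s*\"", "attribute injection"),
    (38, r"<\s*(img|iframe|object|embed|script)\b", "possibly malicious html element"),
]


def ids_impact(value):
    """Return (impact, ids_of_rules_that_fired) for a pattern-only check."""
    hits = [rid for rid, pat, _ in IDS_RULES if re.search(pat, value, re.I)]
    return len(hits), hits


# Structural allow-list: tag -> attributes permitted on it. Everything else is dropped.
ALLOWED = {"p": {"style"}, "img": {"src", "alt", "title", "border"},
           "a": {"href"}, "b": set(), "i": set(), "br": set()}
VOID = {"img", "br"}
# Only a fixed text-align value is allowed in style; anything else is removed.
SAFE_STYLE = re.compile(r"text-align:\s*(left|right|center|justify);?")


def safe_url(val):
    """Accept http(s) and site-relative URLs only; reject any other scheme."""
    v = val.strip().lower()
    return v.startswith(("http://", "https://", "/")) or re.fullmatch(r"[\w./-]+", v) is not None


class AllowListSanitizer(HTMLParser):
    """Rebuilds the markup from the allow-list, recording everything it removed."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.dropped = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            self.dropped.append(tag)
            return
        kept = []
        for name, val in attrs:
            val = val or ""
            if name not in ALLOWED[tag]:
                self.dropped.append(f"{tag}@{name}")
            elif name in ("src", "href") and not safe_url(val):
                self.dropped.append(f"{tag}@{name}={val}")
            elif name == "style" and not SAFE_STYLE.fullmatch(val.strip()):
                self.dropped.append(f"{tag}@style={val}")
            else:
                kept.append(f' {name}="{html.escape(val, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}{' /' if tag in VOID else ''}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # <img ... /> is emitted once, by handle_starttag

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")


def sanitize(value):
    """Return (clean_html, dropped_items) for one rich-text field value."""
    s = AllowListSanitizer()
    s.feed(value)
    s.close()
    return "".join(s.out), s.dropped


def check_rich_text_field(value):
    """Decision for a field that is allowed to carry HTML: store the sanitized
    value, and treat what the sanitizer had to remove as the alert signal."""
    clean, dropped = sanitize(value)
    return {"value": clean, "suspicious": bool(dropped), "dropped": dropped}


if __name__ == "__main__":
    for label, v in (("benign", BENIGN), ("malicious", MALICIOUS)):
        print(label, "pattern impact:", ids_impact(v), "sanitizer:", check_rich_text_field(v))
```

Run as-is, the benign smiley and the injection both get pattern impact 3, so no threshold separates them; the sanitizer returns the smiley markup unchanged with nothing dropped, and strips `onerror` and the `javascript:` href from the injection, which is the event worth mailing the admin about. In a Dolphin/PHPIDS deployment the equivalent is to exempt the fields that are designed to carry TinyMCE output from the generic pattern scan and run them through an HTML allow-list instead (if I recall correctly, PHPIDS's own config.ini has a list of HTML-carrying fields that it passes to HTML Purifier; check the version shipped with your Dolphin build).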
I have no idea what this error is, but it's not an attack. Some code error somewhere must be causing this. It could be something I did, I'm not sure, but I would like to know how to fix this. Since I have done the RC1 to RC2 upgrade I have gotten that message, and also the profiles don't customize anymore, and I am betting that I did something wrong somewhere but I don't know what. |
They seem to also happen if a user puts a link in his profile while he is joining - for example in the "DescriptionMe" TinyMCE field. If security is going to block that, then it shouldn't be allowed in the first place. |
I happened to notice this as well. It seems that if someone inserts a smiley when joining, they might as well forget it. It WILL cause a PA and block the user.
Someone should really look into this.
Chris
|
Anyone else get a "possible attack" when trying to save an email template in admin?
Thanks.
|
Please try to join with the same text here:
http://demozzz.com/dolphin7b/
Rules → http://www.boonex.com/terms |
AlexT,
I made a profile at the link you gave and inserted a smiley during the signup. See if you get the message that I got. The username is iTech
|
I set the description text area as just a text area instead of an HTML text area so people can't add smileys when they sign up, so this should stop the error from happening until there is a fix for this. It seems to be fine now. |
I haven't received any error, and your profile looks like you joined without a problem. It seems that something is wrong with your installation.
|