security report

Reply·Subscribe
tomakali
tomakaliAdvanced
41 posts
0
 

Total impact: 5
Affected tags: dt, id, lfi

Variable: POST.relocate | Value: http://www.tomakali.net/m/chat/home/
Impact: 5 | Tags: dt, id, lfi
Description: Detects specific directory and path traversal | Tags: dt, id, lfi | ID: 11

REMOTE_ADDR: 122.164.246.129
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
SCRIPT_FILENAME: /home/tomnet/public_html/

member.php
QUERY_STRING:
REQUEST_URI: /member.php
QUERY_STRING:
SCRIPT_NAME: /member.php
PHP_SELF: /member.php
is this a bug?
i cannot post anything in blogs,articles etc
even as administrator
Quote · 15 Feb 2011
houstonlively
houstonlivelyBosun
6808 posts
0
 

Why are you even wasting your time with phpids by having it enabled?  You know as well as the rest of us, that it has never worked.  Boonex should just remove the P.O.S. from Dolphin.  I don't think PHPIDS was developed with Dolphin in mind.  I'm really surprised that it's still a part of Dolphin.  It makes no sense to keep it.

My opinions expressed on this site, in no way represent those of Boonex or Boonex employees.
Quote · 15 Feb 2011
tomakali
tomakaliAdvanced
41 posts
0
 

Total impact: 5
Affected tags: dt, id, lfi

Variable: POST.promo_relocation_link_

member | Value: http://tomakali.net/m/inviter/home/
Impact: 5 | Tags: dt, id, lfi
Description: Detects specific directory and path traversal | Tags: dt, id, lfi | ID: 11

REMOTE_ADDR: 122.164.31.185
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
SCRIPT_FILENAME: /home/tomnet/public_html/administration/advanced_settings.php
QUERY_STRING:
REQUEST_URI: /administration/advanced_settings.php
QUERY_STRING:
SCRIPT_NAME: /administration/advanced_settings.php
PHP_SELF: /administration/advanced_settings.php
this suks...
cant even save the settings :(
Quote · 15 Feb 2011
Nathan Paton
Nathan PatonUndefined
9604 posts
0
 

I agree with houstonlively. You should also be aware that it was disabled in a previous release because it was acknowledged that it doesn't work, and was prone to report false positives. It wasn't implemented properly and because of that, it doesn't work.

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 15 Feb 2011
deano92964
deano92964Premium
10772 posts
0
 

If you can't save them.

Then force it. Edit in the database. The values are is sys_options.

After database edit, clear cache.


https://www.deanbassett.com
Quote · 15 Feb 2011
Reply ›
 
 
Home
Features
Pricing
Hosting
Support
About
StartDemo
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.

Blogs

Dolphin.Pro News
BoonEx News
Our Journey
Social Software World
Community Voice

Help

Support Forums
Documentation
BoonEx at GitHub
Knowledge Base
Contact Support Team

Product

Dolphin.Pro Features
Live Demo & Sandbox
Download Packages
Pricing & Order
Contact Sales Team

Company

Contact Us
About BoonEx
Privacy Policy
Terms & Conditions
© BoonEx Pty Ltd