Vulnerability

I got the following warning:

Total impact: 5
Affected tags: Command Execution, id

Variable: GET.bubbles | Value: AddContent:NaN,Mail:0,Friends:0,Shopping Cart:0,Spy:0,
Impact: 5 | Tags: Command Execution, id
Description: Detects remote code exectuion tests. Will match "ping -n 3 localhost" and "ping localhost -n 3"  | Tags: Command Execution, id | ID: 74

REMOTE_ADDR: 91.238.55.67
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
SCRIPT_FILENAME: /home/keysuke/public_html/member_menu_queries.php
QUERY_STRING: action=get_bubbles_values&bubbles=AddContent%3ANaN%2CMail%3A0%2CFriends%3A0%2CShopping+Cart%3A0%2CSpy%3A0%2C&_r=0.837824339279905
REQUEST_URI: /member_menu_queries.php?action=get_bubbles_values&bubbles=AddContent%3ANaN%2CMail%3A0%2CFriends%3A0%2CShopping+Cart%3A0%2CSpy%3A0%2C&_r=0.837824339279905
QUERY_STRING: action=get_bubbles_values&bubbles=AddContent%3ANaN%2CMail%3A0%2CFriends%3A0%2CShopping+Cart%3A0%2CSpy%3A0%2C&_r=0.837824339279905
SCRIPT_NAME: /member_menu_queries.php
PHP_SELF: /member_menu_queries.php

-----------------------------------------------------------------------------------

I found a page where this vulnerability is described in more detail. >>> http://irc.truehackers.ru/bugtrack/web-app/3867-dolphin-707-membermenuqueriesphp-remote-php-injection

Could someone explain to a newbie what this is about and whether it can be fixed?

4 Feb 2014

Now that is an interesting one:

Found the page where this vulnerability is described in more detail. >>> http://irc.truehackers.ru/bugtrack/web-app/3867-dolphin-707-membermenuqueriesphp-remote-php-injection

Here is a page for reading: http://www.theserverpages.com/articles/webmasters/php/security/Code_Injection_Vulnerabilities_Explained.html

Of course just because an injection was attempted does not mean it actually happened.

Geeks, making the world a better place
4 Feb 2014

I assume this is not a vulnerability, and not even an attack on the site; most likely the site's attack-protection settings are not quite right:

Total impact: 5

5 is not a big threat

> 20 can be considered a more or less serious threat

But in general, for each site you need to pick your own values for these settings:

Admin panel > Settings > Advanced Settings > Security >

Breach Impact Threshold For Report:

Breach Impact Threshold For Report And Block:

Doing this is fairly laborious; for now you can turn this protection off by setting the values = -1

Rules → http://www.boonex.com/terms
10 Feb 2014
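As an added example (not code from this thread, from Dolphin or from PHPIDS), here is a small Python triage helper that parses a report in the format quoted at the top of the thread and applies the two admin-panel thresholds the way this post describes them. The report text and its address are constructed, and the assumption that -1 disables each threshold individually is an assumption, not documented Dolphin behaviour.

```python
import re
from dataclasses import dataclass

# Constructed report in the format quoted above; the address is a placeholder, not the post's.
SAMPLE_REPORT = """Total impact: 5
Affected tags: Command Execution, id

Variable: GET.bubbles | Value: AddContent:NaN,Mail:0,Friends:0,Shopping Cart:0,Spy:0,
Impact: 5 | Tags: Command Execution, id
Description: Detects remote code execution tests. | Tags: Command Execution, id | ID: 74

REMOTE_ADDR: 192.0.2.10
SCRIPT_NAME: /member_menu_queries.php
"""

@dataclass
class Finding:
    variable: str
    value: str
    impact: int
    rule_id: int
    tags: tuple

def parse_report(text):
    """Extract the total impact, the client address and each flagged variable."""
    total = int(re.search(r"^Total impact:\s*(\d+)", text, re.M).group(1))
    addr = re.search(r"^REMOTE_ADDR:\s*(\S+)", text, re.M)
    lines, findings = text.splitlines(), []
    for i, line in enumerate(lines):
        var = re.match(r"Variable:\s*(\S+)\s*\|\s*Value:\s*(.*)$", line)
        if not var: continue
        imp = re.match(r"Impact:\s*(\d+)\s*\|\s*Tags:\s*(.*)$", lines[i + 1])  # next line
        rid = re.search(r"\bID:\s*(\d+)", lines[i + 2])  # rule ID sits on the Description line
        tags = tuple(t.strip() for t in imp.group(2).split(","))
        findings.append(Finding(var.group(1), var.group(2).strip(),
                                int(imp.group(1)), int(rid.group(1)), tags))
    return total, (addr.group(1) if addr else None), findings

def decide(total, report_threshold, block_threshold):
    """Apply the two thresholds from the admin panel; -1 is assumed to disable that threshold."""
    if block_threshold != -1 and total >= block_threshold:
        return "report_and_block"
    if report_threshold != -1 and total >= report_threshold:
        return "report"
    return "ignore"

def mentions_probe_token(value):
    """Triage heuristic: rule 74's description names 'ping'; a value without it is a likely false positive."""
    return re.search(r"\bping\b", value, re.I) is not None
```

Running `decide(5, 5, 20)` on the quoted report yields "report" only, and the flagged value contains no `ping` token, which supports treating the alert as a false positive rather than raising the thresholds blindly.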
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.