Welcome,
Guest
.
Please
login
or
register
.
Did you miss your
activation email
?
News:
IOS Hotels
and
IOS Rentals
online booking systems for Elxis CMS.
Home
Help
Login
Register
Elxis CMS Forum
»
Support
»
Security
»
SEC-DEFG-0018 PHP wrapper attack
« previous
next »
Print
Pages: [
1
]
Author
Topic: SEC-DEFG-0018 PHP wrapper attack (Read 1466 times)
Luca
Full Member
Posts: 119
SEC-DEFG-0018 PHP wrapper attack
«
on:
December 02, 2022, 21:48:50 »
Hello, everybody!
I've searched the forum but didn't found anything about this Defender attack report:
SEC-DEFG-0018
Requested URI: /components/com_content/plugins/gallery/includes/data:image/png;base64,(...etc...)
when browsing Sample Gallery
Thank you
Gianluca
Elxis 5.3 Rev 2452
PHP 8.1.2-1ubuntu2.9
«
Last Edit: December 02, 2022, 21:52:03 by Luca
»
Logged
datahell
Elxis Team
Hero Member
Posts: 10212
Re: SEC-DEFG-0018 PHP wrapper attack
«
Reply #1 on:
December 04, 2022, 19:44:24 »
It seems that you have entered the image as blob (binary) data through the editor and Elxis Defender doesn't like it :-)
For the gallery, create a folder in
media/images/
, upload your images there, and then go to Gallery plugin and set it to load the images from that folder.
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
Luca
Full Member
Posts: 119
Re: SEC-DEFG-0018 PHP wrapper attack
«
Reply #2 on:
December 04, 2022, 19:52:32 »
Hey! @Datahell!
Nice to hear you again!
I will try to do as per your suggestion. The fact is that the installation is the one out of the box. Noticing that error while testing...
Luca
Logged
datahell
Elxis Team
Hero Member
Posts: 10212
Re: SEC-DEFG-0018 PHP wrapper attack
«
Reply #3 on:
December 04, 2022, 21:32:01 »
Out of the box? Are you sure?
This: /components/com_content/plugins/gallery/includes/
data:image/png;base64
, doesn't look out of the box. However, I don't know, I haven't seen the site. If I could see it I would be able to tell you something for sure. Follow my recommendation in my previous reply and it will be fine. It doesn't look that important.
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
Luca
Full Member
Posts: 119
Re: SEC-DEFG-0018 PHP wrapper attack
«
Reply #4 on:
December 05, 2022, 20:26:29 »
Thank you very much for your kindness
Yes. I kept everything as it was and that is the essential part of the message from Defender reporting.
Anyway, as I will go further, I will observe your directions
I could give the address but, for now and until I will be ready for the release, the access to the server is restricted to only few countries
Thank you again!!!
My best
(As always, Great Work you did! I am eager about your Team. Thank you!)
Logged
Print
Pages: [
1
]
« previous
next »
Elxis CMS Forum
»
Support
»
Security
»
SEC-DEFG-0018 PHP wrapper attack