SEC-DEFG-0018 PHP wrapper attack

[Luca]

Hello, everybody!

I've searched the forum but didn't found anything about this Defender attack report:
SEC-DEFG-0018
Requested URI:    /components/com_content/plugins/gallery/includes/data:image/png;base64,(...etc...)
when browsing Sample Gallery

Thank you
Gianluca

Elxis 5.3 Rev 2452
PHP 8.1.2-1ubuntu2.9

[datahell]

It seems that you have entered the image as blob (binary) data through the editor and Elxis Defender doesn't like it :-)
For the gallery, create a folder in media/images/, upload your images there, and then go to Gallery plugin and set it to load the images from that folder.

[Luca]

Hey! @Datahell!
Nice to hear you again!
I will try to do as per your suggestion. The fact is that the installation is the one out of the box. Noticing that error while testing...
Luca

[datahell]

Out of the box? Are you sure?
This: /components/com_content/plugins/gallery/includes/data:image/png;base64, doesn't look out of the box. However, I don't know, I haven't seen the site. If I could see it I would be able to tell you something for sure. Follow my recommendation in my previous reply and it will be fine. It doesn't look that important.

[Luca]

Thank you very much for your kindness
Yes. I kept everything as it was and that is the essential part of the message from Defender reporting.
Anyway, as I will go further, I will observe your directions
I could give the address but, for now and until I will be ready for the release, the access to the server is restricted to only few countries
Thank you again!!!
My best
(As always, Great Work you did! I am eager about your Team. Thank you!)

[ArXoS]

It seems that you have entered the image as blob (binary) data through the editor and Elxis Defender doesn't like it :-)
For the gallery, create a folder in media/images/, upload your images there, and then go to Gallery plugin and set it to load the images from that folder.

Hello Datahell

I am not sure that this solution works.
I made exactly as you said but still getting reports for PHP wrapper attack

Any other ideas ?
Regards

[datahell]

If we are talking about the built-in gallery plugin, there is no way the plugin to have such a behavior on Elxis 5.x.

Gallery plugin quick usage.
Go to Site > media > images
Create a folder (eg "myimages") and upload some images there.

Go to Content > All articles > Click on an article to edit it.
Go to Article body tab and on the main text area put your mouse on a spot and click on the Elxis icon to add a plugin.
Select plugin Gallery.
Select folder "myimages" you previously created.
Click on the blue button to create the integration code and then on top click on the green button to insert the code inside the article.
Save the article (click Apply on top)

Details tab > Click on SEO link to view your article.
The gallery should be displayed correctly.

[ArXoS]

Hello Datahell.

The error comes when a visitor clicks on an image. Atter 3 clicks, he gets banned.
You can try it 

https://mousalim.gr/mousiko-skholeio/genikes-drasteriotetes/parelase-tes-28es-oktobriou.html

[datahell]

No, there is no problem. The HTML is absolutely clean and correct, and I don't get any errors.
The problem maybe is been generated on your pc. Check your browser, the plugins you have on it, or an antivirus/security tool you might use. Something in your pc changes the html of the site. I hope you don't have a virus/spyware.

Try with a different browser, and/or from a different device.

[datahell]

I found the problem, I write it in public for the others.
ArXos sent me the complete Elxis Defender log and then it was clear that the problem derives from the Elxis CSS minifier.
The solution is to disable the minifier in Elxis configuration.

[ArXoS]

The solution is to disable the minifier in Elxis configuration.

Thanks to Datahell, the problem fixed