Date: Wed, 06 May 2009 00:15:08 +0200
From: Jeroen Hofstee <freebsd.questions@virtualhost.nl>
To: freebsd-questions@freebsd.org
Subject: Re: local security scanner for vulnerable common opensource www projects
Message-ID: <4A00BA6C.2070307@virtualhost.nl>
In-Reply-To: <200905052313.47805.mel.flynn%2Bfbsd.questions@mailing.thruhere.net>
References: <49FC4186.80608@virtualhost.nl> <200905052010.26393.mel.flynn%2Bfbsd.questions@mailing.thruhere.net> <4A009BCB.9070700@virtualhost.nl> <200905052313.47805.mel.flynn%2Bfbsd.questions@mailing.thruhere.net>

Mel Flynn wrote:
> You can do that, the issue is plugins:
> 0) SuperCMS v 1.0 installed
> 1) CoolStuff via web interface, by SuperCMSNr1Fan, version 0.1.0.1beta
> 2) SuperCMS v 1.0.1 security release, changes some issues with plugin
>    handling
> 3) CoolStuff's maintainer is now known as CompetitorCMSNr1Fan
> 4) CoolStuff still works, because of backwards compatibility, but now
>    is insecure.
>
> Stuff like this goes back to the phpNukeYourSite days.
>

I understand that there are a lot of caveats and that it is quite some work
to create a full-blown checker, especially with plugins. But as far as I am
concerned, finding the easy-to-locate vulnerable scripts is already better
than doing nothing.

Jeroen