Date: Tue, 5 May 2009 23:13:47 +0200
From: Mel Flynn <mel.flynn+fbsd.questions@mailing.thruhere.net>
To: freebsd-questions@freebsd.org
Cc: Jeroen Hofstee <freebsd.questions@virtualhost.nl>
Subject: Re: local security scanner for vulnerable common opensource www projects
Message-ID: <200905052313.47805.mel.flynn%2Bfbsd.questions@mailing.thruhere.net>
In-Reply-To: <4A009BCB.9070700@virtualhost.nl>
References: <49FC4186.80608@virtualhost.nl> <200905052010.26393.mel.flynn%2Bfbsd.questions@mailing.thruhere.net> <4A009BCB.9070700@virtualhost.nl>

On Tuesday 05 May 2009 22:04:27 Jeroen Hofstee wrote:
> Mel Flynn wrote:
> > On Saturday 02 May 2009 14:50:14 Jeroen Hofstee wrote:
> >> I tried to find a program which could scan the local filesystem and
> >> extract a list of well known web projects (joomla, wordpress etc)
> >
> > Not that I'm aware of and it's hell to write and keep current.
>
> k, pity. Although user can be jailed, it is still a bit uncomfortable
> experience for users if their website looks somewhat different than
> they are used to; or their message board suddenly contains 20000
> additional posts, albeit due to their own lack of maintaining the
> scripts behind it. A reminder that their script has known
> vulnerabilities would therefore be nice, even if it doesn't pose a
> direct risk to the system as a whole.

I understand the problem.

> Most of these open source projects are in the ports, so the portaudit db
> will contain vulnerability information for them. If I find time, I will
> have a look if it is possible to match against that db.

You can do that, the issue is plugins:
0) SuperCMS v 1.0 installed
1) CoolStuff via webinterface, by SuperCMSNr1Fan, version 0.1.0.1beta
2) SuperCMS v 1.0.1 security release, changes some issues with plugin handling
3) CoolStuff's maintainer is now known as CompetitorCMSNr1Fan
4) CoolStuff still works, because of backwards compatibility, but now is insecure.

Stuff like this goes back to the phpNukeYourSite days.

-- 
Mel
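
Added example, not part of the original message and not code from either poster: a sketch of the local scan discussed in the thread, which finds WordPress trees by their `wp-includes/version.php` marker, compares `$wp_version` with an advisory entry, and lists plugin directories separately because web-installed plugins have no package entry to match. The advisory data, the sample tree and all function names are constructed for illustration.

```python
import os
import re

# Constructed advisory data: project -> first fixed version (not real portaudit entries).
FIXED_IN = {"wordpress": "2.7.1"}

# Per-project marker file, version regex, and plugin directory (relative to site root).
SIGNATURES = {
    "wordpress": (os.path.join("wp-includes", "version.php"),
                  re.compile(r"\$wp_version\s*=\s*'([^']+)'"),
                  os.path.join("wp-content", "plugins")),
}

def vtuple(version):
    """Numeric components only; pre-release suffixes are ignored (simplification)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def scan(root):
    """Walk root and report each detected install, its version and its plugins."""
    findings = []
    for dirpath, _dirs, _files in os.walk(root):
        for project, (marker, rx, plugdir) in SIGNATURES.items():
            marker_path = os.path.join(dirpath, marker)
            if not os.path.isfile(marker_path):
                continue
            with open(marker_path, errors="replace") as fh:
                match = rx.search(fh.read())
            version = match.group(1) if match else None
            # None means "marker found but version unreadable": needs a human.
            vulnerable = (vtuple(version) < vtuple(FIXED_IN[project])
                          if version else None)
            plug_path = os.path.join(dirpath, plugdir)
            plugins = sorted(os.listdir(plug_path)) if os.path.isdir(plug_path) else []
            findings.append({"path": dirpath, "project": project, "version": version,
                             "vulnerable": vulnerable, "unverified_plugins": plugins})
    return findings

def build_sample(root):
    """Create a constructed two-site tree for demonstration."""
    for site, version, plugins in [("alice", "2.7", ["coolstuff"]), ("bob", "2.7.1", [])]:
        inc = os.path.join(root, site, "wp-includes")
        os.makedirs(inc)
        with open(os.path.join(inc, "version.php"), "w") as fh:
            fh.write("<?php\n$wp_version = '%s';\n" % version)
        for p in plugins:
            os.makedirs(os.path.join(root, site, "wp-content", "plugins", p))

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for f in scan(tmp):
            print(f)
```

The `unverified_plugins` field is the part the core version check cannot answer: it only tells the admin which add-ons exist and need a manual look.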