local security scanner for vulnerable common opensource www projects
Jeroen Hofstee
freebsd.questions at virtualhost.nl
Tue May 5 22:15:11 UTC 2009
Mel Flynn wrote:
> You can do that, the issue is plugins:
> 0) SuperCMS v 1.0 installed
> 1) CoolStuff via web interface, by SuperCMSNr1Fan, version 0.1.0.1beta
> 2) SuperCMS v 1.0.1 security release, changes some issues with plugin
> handling
> 3) CoolStuff's maintainer is now known as CompetitorCMSNr1Fan
> 4) CoolStuff still works, because of backwards compatibility, but now
> is insecure.
>
> Stuff like this goes back to the phpNukeYourSite days.
>
I understand that there are a lot of caveats and that it is quite some work
to create a full-blown checker, especially with
plugins. But as far as I am concerned, finding the easy-to-locate
vulnerable scripts is already better than doing nothing.
Jeroen