local security scanner for vulnerable common opensource www projects

Jeroen Hofstee freebsd.questions at virtualhost.nl
Tue May 5 22:15:11 UTC 2009

Mel Flynn schreef:
> You can do that, the issue is plugins:
> 0) SuperCMS v 1.0 installed
> 1) CoolStuff via webinterface, by SuperCMSNr1Fan, version
> 2) SuperCMS v 1.0.1 security release, changes some issues with plugin 
> handling
> 3) CoolStuff's maintainer is now known as CompetitorCMSNr1Fan
> 4) CoolStuff still works, because of backwards compatibility, but now 
> is insecure.
> Stuff like this goes back to the phpNukeYourSite days.
I understand that there are allot of caveats and that is quite some work 
to create a full blown checker, especially with
plugins. But as far as I am corcerned, finding the easy to locate 
vultnerable script is already better then doing nothing.


More information about the freebsd-questions mailing list