[Savannah-hackers] [IMPORTANT] GForge source audit.( 1st part finished).
From: Lorenzo Hernandez Garcia-Hierro
Subject: [Savannah-hackers] [IMPORTANT] GForge source audit.( 1st part finished).
Date: Sun, 11 Apr 2004 23:00:52 +0200
Hi,
I was working with the GForge source looking for security "holes",
and I have some results that are not good.
GForge presents the same type of problems (but not in the same quantity;
GForge wins the award of having 4 possible fails that can be used to
execute commands remotely), like use of register_globals, poor filtering
of inputs, etc.
The results can be found here:
http://www.tuxedo-es.org/seguridad/GForge-1.xhtml
I've not made it public; I will contact the GForge team before doing it
(or I won't do it).
I haven't finished the source checking; there is a lot to read and test,
so please be patient.
Best regards to all.
--------------------------------------
Lorenzo Hernandez Garcia-Hierro
PGP: Keyfingerprint:
4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B
ID: 0x91805F5B
http://www.tuxedo-es.org