[Savannah-hackers] [IMPORTANT] GForge source audit.( 1st part finished).

From: Lorenzo Hernandez Garcia-Hierro
Subject: [Savannah-hackers] [IMPORTANT] GForge source audit.( 1st part finished).
Date: Sun, 11 Apr 2004 23:00:52 +0200


I was working with the GForge source looking for security "holes"
and I have some results that are not good.

GForge presents the same type of problems (but not in the same quantity,
GForge wins the award of having 4 possible fails that can be used to
execute commands remotely), like use of register_globals, poor filtering
of inputs, etc.

The results can be found here:
I've not made it public, I will contact the GForge team before doing it
(or I do it).

I haven't finished the source checking, there is a lot to read and test,
so, please be patient.

Best regards to all.

Lorenzo Hernandez Garcia-Hierro
PGP: Keyfingerprint:
4ACC D892 05F9 74F1 F453  7D62 6B4E B53E 9180 5F5B
ID: 0x91805F5B
