Comments on: Top 10 Open Source Forums – 12 Months of Vulnerabilities

By: What Is Social Media and Why Do We Need It? | eWiiZone.com

What Is Social Media and Why Do We Need It? | eWiiZone.com — Sat, 16 Oct 2010 07:13:58 +0000

[...] Dragos Lungu Dot Com – Security Tools and Tips [...]

By: Dragos Lungu

Dragos Lungu — Tue, 10 Nov 2009 09:17:12 +0000

Danke !

By: HansDietrich

HansDietrich — Mon, 09 Nov 2009 07:47:36 +0000

Glückwunsch zum neuen Blog!

By: shuctinfith

shuctinfith — Sun, 16 Aug 2009 16:06:01 +0000

Hi,

I am new to http://www.dragoslungu.com and just want to introduce myself.

Thanks

By: MichaellaS

MichaellaS — Mon, 20 Jul 2009 15:49:07 +0000

tks for the effort you put in here I appreciate it!

By: BlueHornet

BlueHornet — Fri, 17 Jul 2009 20:45:12 +0000

This look interesting,so far.
If there’s anyone else here, let me know.
Oh, and yes I’m a real person LOL.

Bye,

By: lyndon

lyndon — Sun, 12 Jul 2009 14:13:13 +0000

thanx for the info.. still not have idea wat i will use forum app. but maybe i will use phbb or vbulletin.. wat u guess guys? thanx

By: Runescape_hater

Runescape_hater — Mon, 22 Jun 2009 00:08:22 +0000

Hey i just wanted to say hi to everyone.

By: TroyBC

TroyBC — Sun, 07 Jun 2009 16:06:07 +0000

Mendota Heights
USA
What is the best ecommerce platform – shopping cart? …If you thinking osCommerce.
I dont thing so, as you can see X-cart the most popular eCommerce platform.
Just checked my WEBS:
http://www.istockvanities.com/
http://www.istocktile.com/
http://www.istocklighting.com/
http://www.istockfurniture.com/

I’ll really appreciate for yours attention.

By: dreamluverz

dreamluverz — Wed, 06 May 2009 15:51:30 +0000

Thanks for sharing. I’m looking for a good forum software to install and good thing you have this information. But seems like you don’t have SMF here?

By: » links for 2008-05-16 | Paul Cowles

» links for 2008-05-16 | Paul Cowles — Tue, 03 Jun 2008 00:17:35 +0000

[...] Top 10 Open Source Forums – 12 Months of Vulnerabilities | Dragos Lungu Dot Com (tags: opensource forums) [...]

By: Dragos Lungu

Dragos Lungu — Mon, 11 Jun 2007 14:43:05 +0000

Thanks dre, I will test some of these apps pretty soon and I’ll post the results. As Ory pointed out, there are no “Zero vulnerability” applications out there; sometimes it’s just harder to find those bugs

By: dre

dre — Sun, 10 Jun 2007 22:06:00 +0000

OWASP runs vBulliten (this costs money btw), but then again – it also runs WordPress for blogs and MediaWiki for the main site and these aren’t exactly sure web applications.

Andrew van der Stock (of OWASP fame) wrote his own secure forum software as well: http://www.ultimabb.com/

PunBB, SMF (Simple Machines), and Vanilla also have very good reputations for free forum software.

For web-anything, I normally suggest JSPWiki (or something very similar) fronted by mod_security. I’d like to see JSPWiki or something very similar re-written in HDIV Struts with proper use of Validator everywhere.

The most important aspect is to keep your fourm software up-to-date, especially after known vulnerabilities are released into the public.

By: Beehive Zero Vulnerabilities - Myth BUSTED | Dragos Lungu Dot Com

Beehive Zero Vulnerabilities - Myth BUSTED | Dragos Lungu Dot Com — Sun, 10 Jun 2007 14:53:52 +0000

[...] gets all the credit for this one and, again, I updated the forum vulnerabilities post [...]

By: BBpress XSS vulnerability | Dragos Lungu Dot Com

BBpress XSS vulnerability | Dragos Lungu Dot Com — Thu, 07 Jun 2007 11:05:10 +0000

[...] Ory Segal pointed out in his comment on the forum vulnerabilities post , the BBpress authentication page (bb-login.php) is home of a XSS [...]

By: Ory Segal

Ory Segal — Sun, 03 Jun 2007 13:55:42 +0000

I’ve sent you an email, let me know what you make of it

By: Dragos Lungu

Dragos Lungu — Fri, 01 Jun 2007 11:45:34 +0000

Hi Ory,
well, the list is based on secunia public vulnerabilities disclosures and I didn’t inted to go into 0 day exploits. Now that you made me curious , I looked into bb-login.php and I couldn’t find an exploitable XSS

I’m posting the bb-login.php file :

< ?php
require('./bb-load.php');

$ref = wp_get_referer();

if ( 0 === strpos($ref, bb_get_option( 'uri' )) ) {
$re = $_POST['re'] ? $_POST['re'] : $_GET['re'];
if ( 0 !== strpos($re, bb_get_option( 'uri' )) )
$re = $ref . $re;
} else
$re = bb_get_option('uri');

nocache_headers();

if ( isset( $_REQUEST['logout'] ) ) {
bb_logout();
wp_redirect( $re );
exit;
}

if ( !bb_is_user_logged_in() && !$user = bb_login( @$_POST['user_login'], @$_POST['password'] ) ) {
$user_exists = bb_user_exists( @$_POST['user_login'] );
$user_login = user_sanitize ( @$_POST['user_login'] );
$redirect_to = wp_specialchars( $re, 1 );
bb_load_template( 'login.php', array('re', 'user_exists', 'user_login', 'redirect_to', 'ref') );
exit;
}

wp_redirect( $re );
?>

The user_sanitize function permits only a-z A-Z and 0-9 , so no luck with the username string.
The $re parameter is appended to the current URL and although it seems an easy catch for a forceful redirect, the appended string starts with / which sucks .

So please let me know which vulnerability have you spotted . Please email me (dragos@dragoslungu.com) or post it here and I will edit the post to reflect your findings.

I would really appreciate .

By: Ory Segal

Ory Segal — Thu, 31 May 2007 12:59:38 +0000

Hello Dragos,

Hold the press – from a 2 minutes review of BBPress (which in your research yielded 0 vulnerabilities), I can already tell you that the login page contains a XSS vulnerability. (I am talking about the latest version of BBPress here).

Check out the source code of bb-login.php, and you’ll figure it out. (it’s exploitable).
Bottom line, I haven’t seen a single BB app lately, that doesn’t contain any vulnerabilities

Hope this helps,
-Ory Segal