KeystoneJS Open Source Penetration Testing Report – Gratis 2017


Overview

Under the Gratis Pentest 2017 program, we evaluate the security posture of open source applications. For Gratis 2017 we selected KeystoneJS. In this blog post we discuss the KeystoneJS Open Source Penetration Testing Report and release the details of the vulnerabilities found.

KeystoneJS is a powerful Node.js content management system and web app framework built on Express and Mongoose. Keystone makes it easy to create sophisticated websites and apps, and comes with a beautiful auto-generated Admin UI.

The pentest team at SecureLayer7 performed a two-day penetration test and reported 6 vulnerabilities to KeystoneJS. The vulnerabilities are listed below.

  1. CSV Excel Macro Injection
  2. Stored Cross-Site Scripting
  3. Application-wide CSRF Bypass
  4. Logic flaw that fails to delete images from a third-party website
  5. Stored Cross-Site Scripting
  6. Weak Password Policy

Download the entire report here, and download the latest patch here.

We will soon release the dates for Gratis Pentest 2018. Stay tuned!