Refinery - The Ruby on Rail Open Source CMS Penetration Testing Report - Penetration Testing and CyberSecurity Solution

Umbraco – The open source ASP.NET CMS Multiple Vulnerabilities

February 16, 2016

Protect Against SQL Injection in ASP.Net – SecureLayer7

February 25, 2016

Published by Shravan Kumar at February 19, 2016

Recently I got an opportunity to test Refinery CMS, often shortened to Refinery, is an open source content management system written in Ruby as a Ruby on Rails web application with jQuery used as the JavaScript library. Refinery CMS supports Rails 3.2 and Rails 4.2. Refinery differs from similar products by targeting a non-technical end user and allowing the developer to create a flexible website rapidly by staying as close as possible to the conventions of the Ruby on Rails framework.

During testing period of 3 days, I found multiple XSS and CSRF vulnerabilities in Refinery CMS.

A detailed report which is a step by step guide to reproduce the vulnerabilities can be found here.

Download

Refinery CMS Pentest Report

Shravan Kumar

Shravan Kumar, a certified security consultant who has his share of knowledge with security systems. Having an OSCP certification, he has his share of experience and talent to Identify and tackle cyber security problems.

Refinery – The Ruby on Rail Open Source CMS Penetration Testing Report

Shravan Kumar

Leave a Reply Cancel reply