Refinery – The Ruby on Rails Open Source CMS Penetration Testing Report


February 19, 2016

Recently I got an opportunity to test Refinery CMS. Refinery CMS, often shortened to Refinery, is an open source content management system written in Ruby as a Ruby on Rails web application, with jQuery used as the JavaScript library. Refinery CMS supports Rails 3.2 and Rails 4.2. Refinery differs from similar products by targeting a non-technical end user and allowing the developer to create a flexible website rapidly by staying as close as possible to the conventions of the Ruby on Rails framework.

During a testing period of 3 days, I found multiple XSS and CSRF vulnerabilities in Refinery CMS.

A detailed report, which is a step-by-step guide to reproducing the vulnerabilities, can be found here.

Download

Refinery CMS Pentest Report
