Refinery – The Ruby on Rail Open Source CMS Penetration Testing Report

Recently I got an opportunity to test Refinery CMS, often shortened to Refinery, is an open source content management system written in Ruby as a Ruby on Rails web application with jQuery used as the JavaScript library. Refinery CMS supports Rails 3.2 and Rails 4.2. Refinery differs from similar products by targeting a non-technical end user and allowing the developer to create a flexible website rapidly by staying as close as possible to the conventions of the Ruby on Rails framework.

During testing period of 3 days, I found multiple XSS  and CSRF  vulnerabilities in Refinery CMS.

A detailed report which is a step by step guide to reproduce the vulnerabilities can be found here.

Download

Refinery CMS Pentest Report