Refinery – The Ruby on Rails Open Source CMS Penetration Testing Report

Recently I got an opportunity to test Refinery CMS, often shortened to Refinery. Refinery is an open source content management system written in Ruby as a Ruby on Rails web application, with jQuery used as the JavaScript library. Refinery CMS supports Rails 3.2 and Rails 4.2. Refinery differs from similar products by targeting a non-technical end user and allowing the developer to create a flexible website rapidly by staying as close as possible to the conventions of the Ruby on Rails framework.

During a testing period of 3 days, I found multiple XSS and CSRF vulnerabilities in Refinery CMS.

A detailed report, which is a step-by-step guide to reproducing the vulnerabilities, can be found here.

Download

Refinery CMS Pentest Report

 
