Refinery – The Ruby on Rail Open Source CMS Penetration Testing Report
Umbraco – The open source ASP.NET CMS Multiple Vulnerabilities
February 16, 2016Protect Against SQL Injection in ASP.Net – SecureLayer7
February 25, 2016
at
Recently I got an opportunity to test Refinery CMS, often shortened to Refinery, is an open source content management system written in Ruby as a Ruby on Rails web application with jQuery used as the JavaScript library. Refinery CMS supports Rails 3.2 and Rails 4.2. Refinery differs from similar products by targeting a non-technical end user and allowing the developer to create a flexible website rapidly by staying as close as possible to the conventions of the Ruby on Rails framework.
During testing period of 3 days, I found multiple XSS and CSRF vulnerabilities in Refinery CMS.
A detailed report which is a step by step guide to reproduce the vulnerabilities can be found here.
Download
Shravan Kumar
Shravan Kumar, a certified security consultant who has his share of knowledge with security systems. Having an OSCP certification, he has his share of experience and talent to Identify and tackle cyber security problems.