MyBB Community Forums

Full Version: How to find out if plugin is vulnerable?
I was wondering how to find out if a plugin is vulnerable?
For known vulnerabilities, just do a Google search.

Quote: mybb {plugin name} vulnerability

E.g.

Quote: mybb mytabs vulnerability

For discovering vulnerabilities within plugins, you should first have a basic understanding of web application security. You can then apply that knowledge to auditing the plugins. There's a lot to cover when it comes to WAS.
(2012-11-10, 09:41 PM) Nathan Malcolm Wrote: For known vulnerabilities, just do a Google search.

Quote: mybb {plugin name} vulnerability

E.g.

Quote: mybb mytabs vulnerability

For discovering vulnerabilities within plugins, you should first have a basic understanding of web application security. You can then apply that knowledge to auditing the plugins. There's a lot to cover when it comes to WAS.

Thanks, what if you want to check if a plugin is vulnerable and it's not on Google, then how do you find out?
You search. There are plenty of sites which disclose security issues within software, but your best bet is to just search Google. Most of the time they end up on Packet Storm Security or Security Focus, which are crawled by Google fairly regularly.
(2012-11-11, 12:44 AM) kamz89 Wrote:
Thanks, what if you want to check if a plugin is vulnerable and it's not on Google, then how do you find out?

Alternatively, if you are worried about the mods being insecure, check their coding prior to installing them.

But usually, if a security vulnerability is discovered in a mod, the news will spread pretty fast.
(2012-11-11, 08:22 PM) borbole Wrote:
Alternatively, if you are worried about the mods being insecure, check their coding prior to installing them.

But usually, if a security vulnerability is discovered in a mod, the news will spread pretty fast.

That's what I'm asking for: how to find out a plugin is vulnerable through the coding, because when a vuln. is revealed/exposed then it spreads too quickly and lands in the wrong people's hands first, and some people keep it to themselves so it's not patched and they can break into as many sites as they want.

I want to know how to find out if a plugin is vulnerable through coding.
(2012-11-10, 09:41 PM) Nathan Malcolm Wrote: For discovering vulnerabilities within plugins, you should first have a basic understanding of web application security. You can then apply that knowledge to auditing the plugins. There's a lot to cover when it comes to WAS.
(2012-11-12, 02:45 AM) kamz89 Wrote:
That's what I'm asking for: how to find out a plugin is vulnerable through the coding, because when a vuln. is revealed/exposed then it spreads too quickly and lands in the wrong people's hands first, and some people keep it to themselves so it's not patched and they can break into as many sites as they want.

I want to know how to find out if a plugin is vulnerable through coding.

You should have the above-mentioned knowledge for that. Otherwise you won't be able to do a security audit yourself.
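
One way to start the pre-install code check discussed in this thread, as an added example that is not part of the original posts or MyBB's own code: a line-based heuristic that follows request data (`$mybb->input`, PHP superglobals) through plain assignments and reports where it reaches a `$db` query or an `echo` without the matching sanitiser. The helper names `unsafe_in` and `audit_plugin` and the sample PHP are constructed for illustration; a hit is a line to read closely, and a clean result is not proof that a plugin is safe.

```python
import re

# Request-data sources in a MyBB plugin, plus the PHP superglobals.
SOURCE = re.compile(r"\$mybb->input\[[^\]]*\]|\$_(?:GET|POST|REQUEST|COOKIE)\[[^\]]*\]")
# Calls that make a value safe for SQL / for HTML output, then the sinks.
SQL_SAFE = re.compile(r"\$db->escape_string(?:_like)?\s*\(|\bintval\s*\(|\(int\)")
HTML_SAFE = re.compile(r"\bhtmlspecialchars(?:_uni)?\s*\(|\bintval\s*\(|\(int\)")
SQL_SINK = re.compile(r"\$db->(?:query|write_query|simple_select|update_query|delete_query)\s*\(")
HTML_SINK = re.compile(r"^\s*(?:echo|print)\b")
ASSIGN = re.compile(r"^\s*(\$\w+)\s*=\s*(.+);\s*$")
VAR = re.compile(r"\$\w+")

# Constructed sample plugin code, not taken from any real plugin.
SAMPLE = """<?php
$tid = $mybb->input['tid'];
$safe_tid = intval($mybb->input['tid']);
$name = $db->escape_string($mybb->input['name']);
$db->query("SELECT * FROM mybb_threads WHERE tid='$tid'");
$db->simple_select("threads", "*", "tid='{$safe_tid}'");
$db->simple_select("users", "uid", "username='{$name}'");
echo "Hello " . $name;
echo htmlspecialchars_uni($mybb->input['name']);
"""

def unsafe_in(expr, tainted):
    """Contexts ("sql", "html") in which this expression is still unsafe."""
    kinds = {"sql", "html"} if SOURCE.search(expr) else set()
    for var in VAR.findall(expr):
        kinds |= tainted.get(var, set())
    if SQL_SAFE.search(expr):
        kinds.discard("sql")
    if HTML_SAFE.search(expr):
        kinds.discard("html")
    return kinds

def audit_plugin(php_source):
    """Return (line_no, kind) pairs where request data reaches a sink unsanitised."""
    tainted, findings = {}, []
    for no, line in enumerate(php_source.splitlines(), 1):
        kinds = unsafe_in(line, tainted)
        if "sql" in kinds and SQL_SINK.search(line):
            findings.append((no, "sql"))
        if "html" in kinds and HTML_SINK.search(line):
            findings.append((no, "html"))
        m = ASSIGN.match(line)
        if m:  # remember what each variable is still unsafe for
            tainted[m.group(1)] = unsafe_in(m.group(2), tainted)
    return findings

print(audit_plugin(SAMPLE))  # lines to read closely before installing
```

In the sample, `$name` is safe in the query because of `$db->escape_string()` but is still flagged at the `echo`, since SQL escaping does not make a value safe for HTML output.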