[VIM] WebAPP Audit
security curmudgeon
jericho at attrition.org
Tue Mar 20 11:01:38 UTC 2007
As most of you may have noticed, WebAPP has undergone a fairly heavy
audit and the changelog for 0.9.9.5:
http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250
Shortly after, 0.9.9.6 was released saying: "WebAPP had security audits
done by professionals, and several previously uncovered major security
issues were found, along with some more minor things that can negatively
impact security." They aren't releasing details yet to give web sites a
chance to upgrade.
Shortly after that, they released a patch to fix a remote
cookie-manipulation-based attack that can let a remote attacker take over
the admin account:
http://www.web-app.org/cgi-bin/index.cgi?action=downloadinfo&cat=crip&id=2
I'm a bit curious who the 'professionals' were that did the audit leading
to 0.9.9.6 and the details of the subsequent exploit.