Penetration Testing
Pentestn ASP website with tinymce Aug 31 2010 04:30PM Luana C. Rocha (luanac rocha gmail com) (2 replies)
Re: Pentestn ASP website with tinymce Sep 01 2010 09:03AM Robin Wood (robin digininja org) (1 replies)
Re: Pentestn ASP website with tinymce Sep 01 2010 07:49PM Shawn Barry (shawnb391 gmail com) (1 replies)
Hello,

TinyMCE is a JavaScript-based WYSIWYG editor, not a content management
system. TinyMCE can be configured to run independently of any dynamic
code, and doesn't present any security vulnerability by itself. TinyMCE
has had problems in the past with file manipulation that involved unsafe
dynamic scripting (such as PHP).

Justin Klein Keane, C|EH CEPT
http://www.MadIrish.net

On 08/31/2010 12:30 PM, Luana C. Rocha wrote:
> Hi,
>
> The company I work for is in the process of evaluating a new website.
> They are not concerned about security, but with how easy it is to update
> the website content.
> At this moment the developer that is winning this evaluation is
> proposing to use tinymce as a content manager.
> I read about tinymce and I'm really concerned about our security.
> Does anyone use tinymce? Can anyone point me to a good way to pentest
> this site and how to enforce its security just in case they insist on
> using tinymce?
>
> PS: please forgive my bad English, I'm still learning.
>
> LCR
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can
> actually do a proper penetration test. IACRB CPT and CEPT certs require
> a full practical examination in order to become certified.
> http://www.iacertification.org
> ------------------------------------------------------------------------
>