
TOPIC: Failed Security Scan - :dry: - Version 2.00+ Build 131022

Failed Security Scan - :dry: - Version 2.00+ Build 131022 3 months 2 weeks ago #103278

  • DenisChenu
  • Moderator Lime
  • Posts: 5875
  • Thanks received: 722
  • Karma: 223
You give me all the information I need :).

For Acunetix: no time actually (and I can only use the unregistered version, and I think it doesn't work on Linux :) ).

To test with the patch: you can download directly from GitHub: github.com/LimeSurvey/LimeSurvey/archive/master.zip
The administrator has disabled public write access.

Failed Security Scan - :dry: - Version 2.00+ Build 131022 3 months 1 week ago #103619

  • mas_carpone
  • Expert Lime
  • Posts: 86
  • Thanks received: 4
  • Karma: 0
Dear Denis, Colleagues,

Unfortunately the test has highlighted further issues related to cross-site scripting (grrrrrrr!).
I think, unfortunately, since my IT department cannot link up directly with you, I have everybody lose a lot of time on this... :(

We are trying to secure the help of a consultant on this that will sit in the IT department so he can test in the final environment and with the tools they are using here (what a pain... :( )

In any case I will ask that person of course to keep you all posted on this issue,

Sorry for all the trouble - guess I'm working for a particularly difficult organization unfortunately...

Failed Security Scan - :dry: - Version 2.00+ Build 131022 3 months 1 week ago #103622

  • DenisChenu
  • Moderator Lime
  • Posts: 5875
  • Thanks received: 722
  • Karma: 223
Hi,
mas_carpone wrote:
Unfortunately the test has highlighted further issues related to cross-site scripting (grrrrrrr!).
We always correct security bugs as a priority.

I don't understand: we do a lot of work for XSS in LimeSurvey.

Denis
The following users said thank you: mas_carpone

Failed Security Scan - :dry: - Version 2.00+ Build 131022 3 months 1 week ago #103625

  • mas_carpone
  • Expert Lime
  • Posts: 86
  • Thanks received: 4
  • Karma: 0
Hi Denis,

The main problem here doesn't lie with the community at all. The tool is fantastic, and the more I use it the more I imagine new possible projects on which LS could play a big part... I am afraid our internal IT system is the issue here, I don't know :(

But I find myself facing a wall here... Apparently the latest test fed back more issues than the previous one and they have basically refused to re-test...

If there is a way to attach a document, I am happy to share the full developer report with you.

Failed Security Scan - :dry: - Version 2.00+ Build 131022 3 months 1 week ago #103627

  • DenisChenu
  • Moderator Lime
  • Posts: 5875
  • Thanks received: 722
  • Karma: 223
Hi,

Send it to me at denis<AT>sondages<DOT>pro, I will send it to our bug report system.

Denis
The following users said thank you: mas_carpone

Failed Security Scan - :dry: - Version 2.00+ Build 131022 3 months 1 week ago #103629

  • mas_carpone
  • Expert Lime
  • Posts: 86
  • Thanks received: 4
  • Karma: 0
Done
Moderators: ITEd