TOPIC: Failed Security Scan - :dry: - Version 2.00+ Build 131022

Failed Security Scan - :dry: - Version 2.00+ Build 131022 8 months 1 week ago #103278

  • DenisChenu
You give me all information I need :).

For Acunetix: no time actually (and I can only use the unregistered version, and I think it doesn't work on Linux :) ).

To test with the patch: you can download directly from GitHub: github.com/LimeSurvey/LimeSurvey/archive/master.zip

Failed Security Scan - :dry: - Version 2.00+ Build 131022 8 months 2 days ago #103619

  • mas_carpone
Dear Denis, Colleagues,

Unfortunately the test has highlighted further issues related to cross site scripting (grrrrrrr!).
I think, unfortunately, since my IT department cannot link up directly with you, I have made everybody lose a lot of time on this... :(

We are trying to secure the help of a consultant on this that will sit in the IT department so he can test in the final environment and with the tools they are using here (what a pain... :( )

In any case I will ask that person of course to keep you all posted on this issue,

Sorry for all the trouble - guess I'm working for a particularly difficult organization unfortunately...

Failed Security Scan - :dry: - Version 2.00+ Build 131022 8 months 2 days ago #103622

  • DenisChenu
Hi,
mas_carpone wrote:
Unfortunately the test has highlighted further issues related to cross site scripting (grrrrrrr!).
We always correct security bugs as a priority.

I don't understand: we do a lot of work on XSS in LimeSurvey.

Denis
The following user(s) said Thank You: mas_carpone

Failed Security Scan - :dry: - Version 2.00+ Build 131022 8 months 2 days ago #103625

  • mas_carpone
Hi Denis,

The main problem here doesn't lie with the community at all. The tool is fantastic, and the more I use it the more I imagine new possible projects on which LS could play a big part... I am afraid our internal IT system is the issue here, I don't know :(

But I find myself facing a wall here... Apparently the latest test fed back more issues than the previous one and they have basically refused to re-test...

If there is a way to attach a document, I am happy to share the full developer report with you.

Failed Security Scan - :dry: - Version 2.00+ Build 131022 8 months 2 days ago #103627

  • DenisChenu
Hi,

Send it to me at denis<AT>sondages<DOT>pro, I will send it to our bug report system.

Denis
The following user(s) said Thank You: mas_carpone

Failed Security Scan - :dry: - Version 2.00+ Build 131022 8 months 2 days ago #103629

  • mas_carpone
Done