Re: Pentestn ASP website with tinymce

[Robin Wood <robin () digininja org>]

On 31 August 2010 17:30, Luana C. Rocha <luanac.rocha () gmail com> wrote:
>  Hi,
>
> The company whose i work for is in process evaluating a new website.
> They are not concerned about security, but with how easy is to update the
> website content.
> At this moment the developer that is winning this evaluating is proposing to
> use tinymce as a content manager.
> I read about tinymce and I'm really concerned about our security.
> Does anyone uses the tinymce? Can anyone point me a good way to pentest this
> site and how to enforce it's security  just in case they insist to use
> tinymce?

Exploit DB is a good start:

http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=tinymce&filter_author=&filter_platform=0&filter_type=0&filter_port=&filter_osvdb=&filter_cve=

And Security Focus

http://www.securityfocus.com/vulnerabilities

> PS: please forgive-me the bad english, i'm learning yet.

Its better than some of the native speakers!

Robin

> LCR
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually
> do a proper penetration test. IACRB CPT and CEPT certs require a full
> practical examination in order to become certified.
> http://www.iacertification.org
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------