Penetration Testing mailing list archives

Re: Pentestn ASP website with tinymce

From: Shawn Barry <shawnb391 () gmail com>
Date: Wed, 1 Sep 2010 14:49:14 -0500

Can anyone tell me how to opt-out of this mailing list? I enjoyreading some of these letters, but my inbox is useally flooded withemails because I signed up for too many mailing lists...


On Sep 1, 2010, at 4:03 AM, Robin Wood <robin () digininja org> wrote:

On 31 August 2010 17:30, Luana C. Rocha <luanac.rocha () gmail com>wrote:
 Hi,

The company whose i work for is in process evaluating a new website.
They are not concerned about security, but with how easy is toupdate the
website content.
At this moment the developer that is winning this evaluating isproposing to
use tinymce as a content manager.
I read about tinymce and I'm really concerned about our security.
Does anyone uses the tinymce? Can anyone point me a good way topentest thissite and how to enforce it's security just in case they insist touse
tinymce?
Exploit DB is a good start:

http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=tinymce&filter_author=&filter_platform=0&filter_type=0&filter_port=&filter_osvdb=&filter_cve=

And Security Focus

http://www.securityfocus.com/vulnerabilities
PS: please forgive-me the bad english, i'm learning yet.
Its better than some of the native speakers!

Robin
LCR
------------------------------------------------------------------------This list is sponsored by: Information Assurance CertificationReview Board
Prove to peers and potential employers without a doubt that you canactually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------This list is sponsored by: Information Assurance CertificationReview Board
Prove to peers and potential employers without a doubt that you canactually do a proper penetration test. IACRB CPT and CEPT certsrequire a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

Re: Pentestn ASP website with tinymce Justin Klein Keane (Sep 01)
- <Possible follow-ups>
- Re: Pentestn ASP website with tinymce Robin Wood (Sep 01)
  - Re: Pentestn ASP website with tinymce Shawn Barry (Sep 03)
    - Re: Pentestn ASP website with tinymce Erin Carroll (Sep 03)