
vb scanned with skipfish?


  • vb scanned with skipfish?

    Has anyone scanned their vBulletin with Google's Skipfish? I wonder what it could find?

  • #2
    Yes, localhost. And found quite a bit of stuff... I'll leave the results to the professionals.


    • #3
      Floris, how long did it take you? Perhaps I have a poor config, but I tried scanning a small site via the minimal dict and it seemed to stall out after 30min. The kb/s scan rate kept falling by 1kb/s. I dunno.


      • #4
        I did it on localhost, of course, so it would remain in the sandbox and use only port 80 and stock files. I used no brute force since only 1 user was registered anyway, but did run it as guest and with auth cookie. It took about 15 minutes doing 750kbyte/sec and it found 400 low, 14 medium, 1 high.
        The output/ was massive, quite a bit to read through. A lot can be dismissed, like css.php being plain text MIME, character sets mismatching, expiry cache misconfiguration warnings, etc.

