Tweet
Has anyone scanned their vbulletin with Google's Skipfish? I wonder what it could find?
-
Yes, localhost. And found quite a bit of stuff .. I'll leave the results to the professionals. -
Floris how long did it take you? Perhaps I have a poor config, but I tried scanning a small site via the minimal dict and it seemed to stall out after 30min. The kb/s scan kept falling by a 1kb/s. I dunno.Comment
-
I did it localhost of course, so it would remain in the sandbox and use only port 80 and stock files. I used no brute force since only 1 user was registered anyway, but did run it as guest and with auth cookie. It took about 15 minutes doing 750kbyte/sec and it found 400 low . 14 medium . 1 high
the output/ was massive, quite a bit to read through. A lot can be dismissed. Like css.php being plain text mime or character sets mismatching or expiry cache misconfiguration warnings, etc.Comment
Comment