12 Nov
2007
12 Nov
'07
9:21 a.m.
Hi,
i asked Björn Schotte (CEO Mayflower GmbH) if it would be possible to 'scan'
phpMyAdmin for vulnerabilities using chorizo (for free)
he said yes if they could publish some case study, press release or
something similar
Marc? do you think this is possible?
* https://chorizo-scanner.com/
* http://mayflower.biz/
CC: Björn Schotte <schotte(a)mayflower.de>
--
Sebastian
12 Nov
12 Nov
10:38 a.m.
Sebastian Mendel a écrit :
Hi,
i asked Björn Schotte (CEO Mayflower GmbH) if it would be possible to 'scan'
phpMyAdmin for vulnerabilities using chorizo (for free)
he said yes if they could publish some case study, press release or
something similar
Marc? do you think this is possible?
Yes. Let's hope we have some free time to fix the issues!
* https://chorizo-scanner.com/
* http://mayflower.biz/
CC: Björn Schotte <schotte(a)mayflower.de>
10:49 a.m.
Marc Delisle schrieb:
Sebastian Mendel a écrit :
i don't think that they will release any disclosure before we find the time
and can fix this
not like other security people holding pistols on our head to release by a
rush ... ;-)
i think Björn will reply with information how he/we will handle the next
step ...
and thanks in advance Björn
--
Sebastian
Hi,
i asked Björn Schotte (CEO Mayflower GmbH) if it would be possible to 'scan'
phpMyAdmin for vulnerabilities using chorizo (for free)
he said yes if they could publish some case study, press release or
something similar
Marc? do you think this is possible?
Yes. Let's hope we have some free time to fix the issues! 
11:25 a.m.
Hi Sebastian, Marc, Björn & list,
Marc Delisle schrieb:
Sebastian Mendel a écrit :
I think, that this is a good idea. Scanners like Chorizo are helpful,
but unfortunately people who want to hack a php application are able to
use them too. This is why we probably should know about vulnerabilities
those scanners will find. The mayflower guys showed me Chorizo a couple
of times at the php conferences and it looked pretty good. I haven't
used it myself yet, though.
Scanning phpMyAdmin once with the full version of Chorizo would be a
good thing to do - as long as Björn waits with the publication of his
case study/press release until the vulnerabilities found have been
fixed. And if you would need some additional manpower for the fixing,
I'll be at your service. :-)
But as the development goes on, it is likely, that new vulnerabilities
find their way into phpMyAdmin. So, some agreement that allows the team
to at least scan betas and RCs of planned major releases would be way
more helpful, imho. Unfortunately, a Chorizo license is unaffordable for
open source projects like phpMyAdmin, that don't have a big company in
the background. :-/
Anyway, there is also a free version. Let's give that one a try.
Regards,
Alexander
Hi,
i asked Björn Schotte (CEO Mayflower GmbH) if it would be possible to 'scan'
phpMyAdmin for vulnerabilities using chorizo (for free)
he said yes if they could publish some case study, press release or
something similar
Marc? do you think this is possible?
Yes. Let's hope we have some free time to fix the issues!
6144
days inactive
6144
days old
3 comments
3 participants
participants (3)
-
cand. inf. Alexander M. Turek -
Marc Delisle -
Sebastian Mendel