[Wolves] Content Management

sparkes sparkes at phreaker.net
Wed Mar 17 09:49:45 GMT 2004


On Wed, 2004-03-17 at 09:42, Carl Pickering wrote:
> Just FYI - Mambo
<snip>
> Solution:
> Special thanks goes to Robert Castley for his very prompt, and professional
> response, and for the genuine concern regarding the security of Mambo Open
> Source server. A new version of the Mambo Open Source package is now
> available from their official website and should be applied as soon as
> possible. Advisory @ http://www.gulftech.org/03162004.php

I read the Web App Sec list (as well as bugtraq and the like) and this
is pretty typical of Mambo.  But to be fair, a lot of people are
discovering simple XSS and SQL injections and are releasing advisories
like this without telling the team in question beforehand.  At least
Mambo heard about it and could fix the problem before the world was told
about it.

I last played with Mambo about 18 months back, and at that time it only
looked like about 48 hours of coding work to get your own clone of it
written, but it does seem to be progressing in a sane direction.

sparkes




