[OWASP Joomla Vulnerability Scanner] joomscan.pl 0.0.3 Patched

Aung Khant aungkhant at yehg.net
Sun Aug 23 10:55:50 EDT 2009


Hi Brandon

The attached file is what you suggested few days ago for suppressing warning
messages with additional variable checks.

    /to avoid warning messages:
        - affected variables: $proxy
        - affected functions: array_max, array_min, emacs compatible split()
at htime()
    /to add additional administrator directory probing

For array_max, array_min functions, I return ? instead of filling up with
dummy values like 0 or 999.
This is because people will falsely think those dummy numbers as version
ranges.
So, reporting like (1.5.?? - 1.5.??) will feel them good.

I credit your name in contributor list in doc/ directory in coming release
of 0.0.3-a.
Please test it in your leisure. If it's ok, I'll commit it to svn.

Thank you for your contribution.

-- 
Best Regards
YGN Ethical Hacker Group
http://yehg.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-joomla-vulnerability-scanner/attachments/20090823/664dbf32/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: joomscan.pl
Type: application/octet-stream
Size: 107959 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-joomla-vulnerability-scanner/attachments/20090823/664dbf32/attachment-0001.obj 


More information about the Owasp-joomla-vulnerability-scanner mailing list