[Blake]

In this thread please suggest the web application that you would like to be loaded. After a bit, we will put them into a poll and a vote wil be taken. I will start.

It must be a LAMP (Linux Apache MySql PHP) application.

phpbb

[Stephen]

InvisionPowerBoard

phpBB

vBulletin

[sfzhi]

IPB <_<

[Blake]

vBulletin and IPBB may be a problem due to licensing issues and costs

[belgther]

IIS can be used as well as Apache. Unlike IPB, it doesn't have license problems, and it will be exciting to find new IIS exploits :)

[ShadowRun]

maybe some free internet shop :P
not that i intend to hack any, but it could be fun to find some holes :)

like:

htp://www.softline.de/home/index
htp://www.easyshopmaker.com/
htp://www.shopfactory.com/

or anything like those

[Blake]

belgther, on Jul 7 2005, 08:35 PM, said:

IIS can be used as well as Apache. Unlike IPB, it doesn't have license problems, and it will be exciting to find new IIS exploits :)

<{POST_SNAPBACK}>

First We are starting with a liinux server. A windows server may foolow but not right now.

[Blake]

come on guys we need more suggestons

[Dennis]

running other shop scripts that are widely used like Zencart or OScommerce.

FLX

[genxweb]

FLX, on Jul 8 2005, 05:30 AM, said:

running other shop scripts that are widely used like Zencart or OScommerce.

FLX

<{POST_SNAPBACK}>

You guys should look at the foundstone ecommerce script they offer a online bank hack and a online ecommerce hack. The scripts need iis and msde.

[crock]

xoops
minerva

[[_-ViCiOuS-_]]

postgresql
asterisk
apache
php

[Rafter]

I would suggest to put different categories of php/mysql application under fire, one after the other !!

Among others:
- Forums (phpBB, ...)
- CMS / portal (phpNuke, ...)
- Image Galleries (Yapig, Coppermine, SPGM, ...)

To get an idea of the categories and applications we may have a look at :
http://www.opensourcecms.com/

They already have a list, even if it's far to be exhaustive ;)

[cvh]

Here is a collection of some cgi and perl script, such as a bbs board,...

(This vendor has lots of holes in his software and refuses to release patches, he is the author of the webhints script which blahplok exploited, he just removed the link to the exploited scripts on his site. http://www.securityf.../13930/solution )

I have seen some bugs already in the bbs board, major ones.


http://awsd.com/scripts/