Introducing the RIPS analysis engine

4 Dec 2016 by Johannes Dahse

RIPS

In today’s post, we would like to share some insights into our static code analysis engine RIPS that detected the security bugs described in the previous and upcoming calendar gifts. The engine has a long history and went through several generations before reaching its current performance. What does it actually do within the few seconds after you click on the scan button and the first vulnerability report pops up? How can a security vulnerability be automatically detected in source code? Let’s have a look.

Read More ...

eFront 3.6.15: Steal your professors password

3 Dec 2016 by Martin Bednorz

eFront

Today, we present our analysis results for eFront, the open-source edition of the thriving e-learning platform eFrontPro. The platform is used by hundreds of organizations world-wide and consists of over 700,000 lines of PHP code, rendering manual security analysis ineffective at best. We will analyze two SQL injections that can be used to leak sensitive data and demonstrate two related RIPS features for detection.

Read More ...

Coppermine 1.5.42: Second-Order Command Execution

2 Dec 2016 by Martin Bednorz

Coppermine

The second gift in our advent calendar contains descriptions of vulnerabilities in Coppermine, a very popular picture gallery application written in PHP and in active development since 2003. It consists of ~160,000 lines of code (medium-sized web application) and is downloaded roughly 1,200 times per week.

Read More ...

FreePBX 13: From Cross-Site Scripting to Remote Command Execution

1 Dec 2016 by Hendrik Buchwald

FreePBX

FreePBX is a web-based graphical user interface that helps users to manage voice-over-IP services. According to the creator, there are over one million production systems using FreePBX worldwide and 20,000 new installations monthly 1. It is the most widely deployed open-source PBX (Private Branch Exchange) platform in use across the world.

Recently, the announcement of a critical security vulnerability caught our attention that was fixed in August 2. Since FreePBX is written completely in PHP, we decided to throw it into our code analysis tool RIPS. The results were more than surprising…

Read More ...

Announcing the Advent of PHP Application Vulnerabilities

25 Nov 2016 by Martin Bednorz

Advent

As the year is slowly coming to an end and the Christmas decorations are starting to brighten up the streets, we at RIPS Technologies decided to give back to the wonderful community surrounding PHP and information security. Starting on December 1st, we are going to open one gift of our advent calendar each day until the 24th. Our gifts are technical blog posts about specific real-world security vulnerabilities in open-source PHP applications that examine PHP security characteristics and how to avoid common pitfalls.

Read More ...