testbed for Joomla Improper AccessCheck in WebService Endpoint #92

Open: wants to merge 13 commits into base: main

@am0o0 am0o0 commented Oct 19, 2024

Hello, this is according to the @leonardo-doyensec request in this issue:
google/tsunami-security-scanner-plugins#529

@lokiuox lokiuox left a comment

Hi @am0o0, thanks for your contribution!

I confirm the testbed is working; I've left a few comments on a few very minor improvements.

Review comments (outdated, resolved):
- joomla/CVE-2023-23752/docker-compose-safe.yml (2 comments)
- joomla/CVE-2023-23752/docker-compose-vulnerable.yml (2 comments)


@lokiuox lokiuox left a comment

Thanks, LGTM.

@lokiuox lokiuox left a comment

Hey @am0o0,

after testing again I noticed that switching from one testbed to the other (safe to vulnerable and vice versa) could reuse the old containers, therefore triggering a false positive/negative. Added the `name:` directives to mark the files as distinct from each other.

@lokiuox lokiuox left a comment

LGTM.

copybara-service bot pushed a commit that referenced this pull request Nov 27, 2024
PiperOrigin-RevId: 700778524
Change-Id: I4767ecdcb3a22065ef6ccdaae0ce8447f723f400