Hi everyone,
It has been almost a year since the last “can you find the vulnerabilities” post so I thought it was time for another one.
This year I’m taking a slightly different approach. The post in 2009 gave you a small piece of source code to review and you needed to find the vulnerability. This year I’m going to give you the application name, the vulnerability type/name and all of the source code for the application.
You can obviously cheat and just Google “application name and vulnerability type/name” and get the answer, but where is the fun in that?
Before I start I have to give credit to the Exploit Database for hosting vulnerable versions of applications. The open source applications I’m using for this post have come from advisories posted on the Exploit Database website.
I have selected five applications with five different vulnerabilities. Four of the applications are web applications written in PHP and the fifth one is a Linux application written in C++.
I have listed the applications below along with a download link for the vulnerable version of the application:
Killmonster – SQL Injection
mBlogger – Stored Cross Site Scripting
sFileManager – Local File Inclusion
Apache JackRabbit – XPath Injection
Printoxx – Local Buffer Overflow
I think the list runs in order of difficulty, from the first application, which has the easiest vulnerability to find, through to the local buffer overflow, which is potentially the most difficult to find.
I hope you enjoy the challenge of trying to find all of the vulnerabilities in these applications. I know that at least one of the applications I’ve included in this challenge has more than one vulnerability in it, so see if you can find them all.
I would be happy to receive emails (securityninja at realexpayments dot com) from anyone who thinks they have found the vulnerabilities in all five applications. Please don’t give the answers away in the blog comments, as that might spoil the challenge for others.
I will post the answers next week. Have fun!
SN

