quick review of Pixy vulnerability scanner for PEAR users

Lot 49: Greg Beaver's blog

Links to know about


Music
The Chiara String Quartet
Chiara Quartet (MySpace)
Greenwood Music Camp
UNL School of Music

PHP
PEAR Installer Manifesto
phpDocumentor
PEAR
phar
docblock
PHP_Parser
PHP_Parser_DocblockParser
PHP_ParserGenerator
PHP_LexerGenerator
PEAR_PackageFileManager
PHP_Archive
Games_Chess

Blogs
Joshua Eichorn
Paul M. Jones
Davey Shafik


ohloh profile for Greg Beaver

Popular Entries

Setting up your own PEAR channel with Chiara_PEAR_Server - the official way
(32)
Do you develop a website? It is infinitely better to synchronize live and development sites using the PEAR Installer
(25)
doing the PEAR thing
(19)
Using PEAR 1.4.0 to install PEAR packages on a remote host
(19)
PEAR now fits in a bottle: meet go-pear.phar
(17)

Categories



All categories

Syndicate This Blog

Powered by

Friday, June 22. 2007

quick review of Pixy vulnerability scanner for PEAR users

Just a quick note, I tried out the Pixy XSS and SQLI Scanner (http://pixybox.seclab.tuwien.ac.at/pixy/index.php) on a few simple PEAR files.  On the first, I got a java exception, on the second it was unable to resolve the simplest of includes (no ability to resolve include_path).

In short, the thing is useless for anything written using PEAR.  Fun!

Posted by Greg Beaver in PEAR at 07:13 | Comments (4) | Trackbacks (0)

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

Wow, haven't looked at Pixy in about a year myself... good to see it's gone past 2.0.

Did you try the web interface, or did you download and run it locally? I had toyed with it about a year ago on some internal work code, seeing what it picked up, and I don't remember any problems running it.

If you downloaded it, look for me in the eclipse-usage.txt doc file ;-)
#1 Chuck Burgess (Homepage) on 2007-06-23 04:46 (Reply)
Greg, please email us the details of the issues that you encountered. We are very interested in solving problems and helping people use Pixy, but we need some information for that.

-- Nenad
#2 Nenad Jovanovic (Homepage) on 2007-06-26 00:34 (Reply)
Please send us the details of the problems you had with Pixy, so that we can solve these issues. We are very interested in improving our tool.

-- Nenad
#3 Nenad Jovanovic (Homepage) on 2007-07-02 02:26 (Reply)
Good work :-)
#4 sf (Homepage) on 2007-07-10 06:20 (Reply)

Add Comment

Standard emoticons like :-) and ;-) are converted to images.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

BBCode format allowed
You can use [geshi lang=lang_name [,ln={y|n}]][/lang] tags to embed source code snippets
 
Submitted comments will be subject to moderation before being displayed.
 

Links in this article

PEAR Installer Manifesto

Calendar

Back July '09
Mon Tue Wed Thu Fri Sat Sun
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31    

Quicksearch

My Latest Releases


pearweb_manual 1.1.1

Jul 2, 2009
PEAR_Command_Packaging 0.2.0

Jun 27, 2009
pearweb 1.21.1

Jun 23, 2009
pearweb_pepr 1.0.2

Jun 20, 2009
pearweb 1.21.0

Jun 14, 2009
pearweb_index 1.21.0

Jun 14, 2009
pearweb 1.20.2

Jun 8, 2009
pearweb 1.20.1

Jun 5, 2009
pearweb 1.20.0

Jun 3, 2009
pearweb 1.19.0

Jun 2, 2009

Top Exits

pear.php.net (311)
www.php.net (154)
php.net (97)
pear.chiaraquartet.net (80)
chiaraquartet.net (74)

Blog Administration

Open login screen