None whatsoever personally, I don't care to look into stuff that old.
Glen
On 08/01/2014 11:33 AM, Marc-André Laverdière wrote:
Hello Glen,
I certainly want to put much more recent packages in a new version of
securibench, and that probably will include a recent version of roller.
That being said, I see no problem having a mix of old and new. I'm sure
that there are webapps out there that haven't been significantly updated
since 2005 and it would be nice if I could analyze them too.
In the meantime, any clue about this escapeText?
Marc-André Laverdière-Papineau
Doctorant - PhD Candidate
On 08/01/2014 11:16 AM, Glen Mazza wrote:
Hi Marc-Andre, as far as I can tell that SecuriBench site hasn't been
updated in almost nine years, nearly all of it is probably obsolete.
You should try to find something more recent to work with on the 'Net,
if you can't do better than something from 2005 that would tend to
indicate that your approach to reference baselining is no longer common
today, and that some other approach should be used.
Anyway, that class below does not exist in modern-day Roller. Your fix
would be to pull out that ancient Roller version and rely on the
remaining non-Roller packages there, or replace it with modern Roller
that you can download from our website.
Glen
On 08/01/2014 10:45 AM, Marc-André Laverdière wrote:
Hello,
Securibench uses an outdated version of Roller and it looks like
Tomcat's JspC isn't able to compile it anymore.
http://suif.stanford.edu/~livshits/securibench/
This is the error that I'm getting:
An error occurred at line: 42 in the jsp file:
/weblog/spellcheck-entry.jsp
escapeText cannot be resolved to a variable
39:
40: <table class="rTable" width="90%" border="1">
41: <tr class="rEvenTr">
42: <td class="rTd"><font style='font-size: 14px;
vertical-align: middle; line-height= 18px; font-family: verdana,
sans-serif;'><%= escapeText %></font></td>
43: </tr>
44: </table>
45: <br />
I would appreciate your help for a quick fix. I understand that this is
very very old code, and that few people know about it - and thus not
really interesting to maintain... But it is important for us security
folks to have some kind of reference baseline for testing our tools.
Your help is greatly appreciated.
Regards,
