For anyone that has done a long source code audit is not about really finding the easy/low hanging fruit stuff that can be slow and sometimes a bit “frustrating”. I recently had a nice 660,000 lines of code source code audit to be done in less than 2 weeks, the language was Java, so the first thing that was to be done (they had already hit fortify and other tools with it) and were looking for a bit of more interesting stuff apparently. This raised some specific problems while working and finding the vulnerabilities and exploitability of them.
Earlier I was working on a Zen Cart site and ran into an issue installing the Ultimate SEO URL add-on. The Ultimate SEO URL add-on creates more SEO(Search Engine Optimization) friendly URL’s for Zen Cart. The site in question already had a previous version of the Ultimate SEO URL add-on installed and once I was finished the front-end of the site was working perfectly with the new SEO friendly URL’s. The problem was when I attempted to login to the admin portion of the Zen Cart site I was receiving a “500 – Internal Server Error” message. Below I have noted information on what was done to troubleshoot the problem as well as how the problem was resolved.
To create a PL/pgSQL stored procedure, copy and paste a dummy procedure like this into the “Execute arbitrary SQL queries” window in PgAdmin 1.8.4: