[VIM] arfis: automated grep-and-gripe
Steven M. Christey
coley at mitre.org
Tue Sep 18 19:12:33 UTC 2007
Turns out that all our lost sleep was not in vain.
the "arfis project", a simple perl script. It automatically
downloads and extract PHP projects from sourceforge.net and checks
for Remote File Inclusion vulnerabilities. It then post's the
potential (now it's -potential-, cause the script is in an early
stadium) vuln to this blog.
CVE has picked up some of these and disputed a chunk of 'em, but some
appear legit. At this instant, I'm of the mindset of de-prioritizing
them as unreliable, but neither do I like the upward trend of
increasing numbers of disputes.
More information about the VIM