[VIM] arfis: automated grep-and-gripe

Sullo sullo at cirt.net
Tue Sep 18 19:45:37 UTC 2007


Interesting. I proposed doing this as a Google Summer of Code project
but CIRT didn't get chosen for participation.  Of course, my hope was to
go a bit beyond 'grep and gripe' and have eyes-on results before anyone
would be notified (and then it would automatically notify the
SourceForget project admin & track days since notification, etc.)...


Steven M. Christey wrote:
> Hey Jericho,
>
> Turns out that all our lost sleep was not in vain.
>
>   the "arfis project", a simple perl script. It automatically
>   downloads and extracts PHP projects from sourceforge.net and checks
>   for Remote File Inclusion vulnerabilities. It then posts the
>   potential (now it's -potential-, cause the script is in an early
>   stadium) vuln to this blog.
>
>   http://arfis.wordpress.com/
>
> CVE has picked up some of these and disputed a chunk of 'em, but some
> appear legit.  At this instant, I'm of the mindset of de-prioritizing
> them as unreliable, but neither do I like the upward trend of
> increasing numbers of disputes.
>
> - Steve