[VIM] arfis: automated grep-and-gripe
sullo at cirt.net
Tue Sep 18 19:45:37 UTC 2007
Interesting. I proposed doing this as a Google Summer of Code project
but CIRT didn't get chosen for participation. Of course, my hope was to
go a bit beyond 'grep and gripe' and have eyes-on results before anyone
would be notified (and then it would automatically notify the
SourceForget project admin & track days since notification, etc.)...
Steven M. Christey wrote:
> Hey Jericho,
> Turns out that all our lost sleep was not in vain.
> the "arfis project", a simple Perl script. It automatically
> downloads and extracts PHP projects from sourceforge.net and checks
> for Remote File Inclusion vulnerabilities. It then posts the
> potential (now it's -potential-, 'cause the script is in an early
> stage) vuln to this blog.
> CVE has picked up some of these and disputed a chunk of 'em, but some
> appear legit. At this instant, I'm of the mindset of de-prioritizing
> them as unreliable, but neither do I like the upward trend of
> increasing numbers of disputes.
> - Steve