[VIM] arfis: automated grep-and-gripe

security curmudgeon jericho at attrition.org
Wed Sep 19 14:18:45 UTC 2007


: Turns out that all our lost sleep was not in vain.
: 
:   the "arfis project", a simple perl script. It automatically
:   downloads and extracts PHP projects from sourceforge.net and checks
:   for Remote File Inclusion vulnerabilities. It then posts the
:   potential (now it's -potential-, cause the script is in an early
:   stadium) vuln to this blog.
: 
:   http://arfis.wordpress.com/

We should have patented the idea last year! =)

: CVE has picked up some of these and disputed a chunk of 'em, but some 
: appear legit.  At this instant, I'm of the mindset of de-prioritizing 
: them as unreliable, but neither do I like the upward trend of increasing 
: numbers of disputes.

The number of disputes isn't just an 'upward trend', it is really 
straining the resources of VDBs more and more.

.b

