[VIM] arfis: automated grep-and-gripe

security curmudgeon jericho at attrition.org
Wed Sep 19 14:18:45 UTC 2007

: Turns out that all our lost sleep was not in vain.
:   the "arfis project", a simple perl script. It automatically
:   downloads and extracts PHP projects from sourceforge.net and checks
:   for Remote File Inclusion vulnerabilities. It then posts the
:   potential (now it's -potential-, cause the script is in an early
:   stadium) vuln to this blog.
:   http://arfis.wordpress.com/

We should have patented the idea last year! =)

: CVE has picked up some of these and disputed a chunk of 'em, but some 
: appear legit.  At this instant, I'm of the mindset of de-prioritizing 
: them as unreliable, but neither do I like the upward trend of increasing 
: numbers of disputes.

The number of disputes isn't just an 'upward trend', it is really 
straining the resources of VDBs more and more.

