[VIM] arfis: automated grep-and-gripe
jericho at attrition.org
Wed Sep 19 14:18:45 UTC 2007
: Turns out that all our lost sleep was not in vain.
: the "arfis project", a simple perl script. It automatically
: downloads and extracts PHP projects from sourceforge.net and checks
: for Remote File Inclusion vulnerabilities. It then posts the
: potential (now it's -potential-, cause the script is in an early
: stadium) vuln to this blog.
We should have patented the idea last year! =)
: CVE has picked up some of these and disputed a chunk of 'em, but some
: appear legit. At this instant, I'm of the mindset of de-prioritizing
: them as unreliable, but neither do I like the upward trend of increasing
: numbers of disputes.
The number of disputes isn't just an 'upward trend', it is really
straining the resources of VDBs more and more.