Message-ID: <Pine.LNX.4.21.0610080314380.22104-100000@linuxbox.org>
Date: Sun, 8 Oct 2006 03:21:39 -0500 (CDT)
From: Gadi Evron <ge@...uxbox.org>
To: bugtraq@...uxbox.org
Cc: full-disclosure@...ts.grok.org.uk
Subject: Insecurity Stats via Google Code Search

This isn't terribly shocking, and seems rather preliminary. Still,
very interesting.

Jose Nazario worked out some numbers using the Google code search.

http://monkey.org/~jose/blog/viewpage.php?page=google_code_search_stats

Interesting quotes:

some stats based on simple queries used to find bugs (i.e. based on some
reasonable regular expressions):

    * strcpy from argv[x]: about 7,000
    * strcat from argv[x]: about 1,000
    * PHP-based remote file include vulns: 117 or so using GET, 100 or so for POST
    * PHP-based SQL injection vulns:
          o SELECT: about 600 using GET, about 500 using POST vars
          o UPDATE: about 200 using GET, about 400 using POST vars
          o DELETE: about 300 using GET, about 300 using POST vars
    * PHP-based XSS vulns (it is the summer of file include, SQL injection and XSS on bugtraq): about 2700
          o about 200 based on the info sent outside of the POST vars or the URL requested (i.e. User-Agent fun)
          o an additional 100 based on COOKIE variables ...
    * *printf-based buffer overflows? about 202,000 possible, hopefully less!
    * about 50 format string vulns revealed
    * off-by-ones (as pointed out by aaron@)? about 300.
    * CreateFileMapping NULL Security (using Ollie's idea but adjusted for google codesearch): about 400

I also keep updating every search pattern I find, here:
http://blogs.securiteam.com/index.php/archives/663

	Gadi.

