Full Disclosure mailing list archives
Insecurity Stats via Google Code Search
From: Gadi Evron <ge () linuxbox org>
Date: Sun, 8 Oct 2006 03:21:39 -0500 (CDT)
This isn't terribly shocking, and seems rather preliminary. Still, very interesting.

Jose Nazario worked out some numbers using the Google code search.
http://monkey.org/~jose/blog/viewpage.php?page=google_code_search_stats

Interesting quotes:

some stats based on simple queries used to find bugs (ie based on some reasonable regular expressions):

* strcpy from argv[x]: about 7,000
* strcat from argv[x]: about 1,000
* PHP-based remote file include vulns: 117 or so using GET, 100 or so for POST
* PHP-based SQL injection vulns:
  o SELECT: about 600 using GET, about 500 using POST vars
  o UPDATE: about 200 using GET, about 400 using POST vars
  o DELETE: about 300 using GET, about 300 using POST vars
* PHP-based XSS vulns (it is the summer of file include, SQL injection and XSS on bugtraq): about 2700
  o about 200 based on the info sent outside of the POST vars or the URL requested (ie User-Agent fun)
  o an additional 100 based on COOKIE variables

...

* *printf-based buffer overflows? about 202,000 possible, hopefully less!
* about 50 format string vulns revealed
* off-by-ones (as pointed out by aaron@)? about 300.
* CreateFileMapping NULL Security (using Ollie's idea but adjusted for google codesearch): about 400

I also keep updating every search pattern I find, here:
http://blogs.securiteam.com/index.php/archives/663

Gadi.
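An added example, not part of the original post or of the linked blog entry: a local audit script that applies regular expressions of the kind the message describes to your own source files and tallies candidate lines per category. The patterns, category names and both sample files are constructed for illustration and are assumptions, not the queries behind the quoted numbers.

```python
import re
from collections import Counter

# Illustrative patterns (assumptions; the post does not give the actual queries).
REQ = r"\$_(?:GET|POST|COOKIE)\b"
PATTERNS = {
    "strcpy/strcat from argv": re.compile(r"\bstr(?:cpy|cat)\s*\([^;]*\bargv\s*\["),
    "PHP include of request var": re.compile(r"\b(?:include|require)(?:_once)?\b[^;]*" + REQ),
    "PHP SQL built from request var": re.compile(
        r"[\"'][^\"';]*\b(?:SELECT|UPDATE|DELETE)\b[^;]*" + REQ, re.I),
    # Lines that pass the value through htmlspecialchars() are not reported.
    "PHP echo of request var": re.compile(
        r"\b(?:echo|print)\b(?![^;]*htmlspecialchars)[^;]*" + REQ),
    "printf with non-literal format": re.compile(r"\bprintf\s*\(\s*[A-Za-z_]\w*(?:\[[^\]]*\])?\s*\)"),
}

# Constructed sample sources: each has lines that should and should not be flagged.
SAMPLE = {
    "tool.c": '''int main(int argc, char **argv) {
    char buf[64];
    strcpy(buf, argv[1]);
    strncpy(buf, argv[1], sizeof buf - 1);
    printf(argv[2]);
    printf("%s\\n", buf);
}
''',
    "page.php": '''<?php
include($_GET['page'] . ".php");
$q = "SELECT * FROM users WHERE id=" . $_POST['id'];
echo "Hello " . $_GET['name'];
echo htmlspecialchars($_GET['name']);
''',
}

def scan(files):
    """Return (path, line_no, category, text) for every candidate line."""
    findings = []
    for path, source in files.items():
        for no, line in enumerate(source.splitlines(), 1):
            for category, rx in PATTERNS.items():
                if rx.search(line):
                    findings.append((path, no, category, line.strip()))
    return findings

def tally(findings):
    """Count candidate lines per category, as in the statistics quoted above."""
    return Counter(category for _, _, category, _ in findings)

if __name__ == "__main__":
    print(*scan(SAMPLE), dict(tally(scan(SAMPLE))), sep="\n")
```

Each hit is a candidate for manual review rather than a confirmed bug, which is why line-based counts like these read as upper bounds.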