Full Disclosure mailing list archives

Re: New Source Code Vulnerability Scanner (Free 30 Day Trial)

From: Michal Zalewski <lcamtuf () coredump cx>
Date: Fri, 3 Dec 2010 01:46:56 -0800

grep -r ACIDBITCHES *


This code has two very obvious detection bypass vulnerabilities:

1) It fails to scan dotfiles in the starting directory,

2) It can be tricked into not producing any output by creating a file
named "-q" in the starting dir.

Let me fire up my vulnerability research whitepaper generator.

/mz

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

New Source Code Vulnerability Scanner (Free 30 Day Trial) vulnscan (Dec 02)
- Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) Eyeballing Weev (Dec 02)
- Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) netinfinity (Dec 02)
  - Message not available
    - Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) netinfinity (Dec 02)
  - Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) Jens Christian Hillerup (Dec 02)
- Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) Cal Leeming [Simplicity Media Ltd] (Dec 02)
  - Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) dave b (Dec 02)
    - Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) Cal Leeming [Simplicity Media Ltd] (Dec 03)
- Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) Michael McGraw-Herdeg (Dec 02)
- Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) IA64 LOL (Dec 02)
- Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) Michal Zalewski (Dec 03)
  - Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) Georgi Guninski (Dec 04)
    - Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) netinfinity (Dec 04)
    - Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) Georgi Guninski (Dec 04)
    - Re: New Source Code Vulnerability Scanner (Free 30 Day Trial) Adam Kration (Dec 05)