[VIM] VDB nightmares come to life
security curmudgeon
jericho at attrition.org
Sat Jan 30 00:37:13 UTC 2010
[At first, I thought this was 1000 new and was curious how VDBs would
handle. Reading the .dat file though, says that they are *mostly*
compiled from advisories and milw0rm. Ugh..]
http://ha.ckers.org/blog/20100129/large-list-of-rfis-1000/
Large List of RFIs (1000+)
I started on this project over a year ago, and then I stopped, and then I
started it again, and then I stopped again, and finally today, I mostly
got it finished (or as far as I.m willing to take it for today). I wanted
to create a master list of a mess load of RFI (remote file include)
attacks. I got the list from various sources and I.m sure I.m missing a
ton so yes, if you think there.s some I.ve missed, go ahead and forward
them on to me and I.ll add them in.
You can download the full list here (1002 RFIs at the time of writing).
But because of how I built this it.s got a few issues. The first one is
that it doesn.t take into account the path to the vulnerable function. So
if it.s http://www.vulnerable.com/bob/something. you have to add that in.
The second issue is that sometimes the trailing question mark is needed
but it.s not added in the string. But you may require the additional
question mark so that you don.t get /r57.txt.somegarbage but rather
/r57.txt?.somegarbage which will work. So if you use this, you may have to
add in your own question marks after your RFI URL. Anyway, thoughts are
welcome, and big thanks for the hundreds of people who found these in the
first place!
More information about the VIM
mailing list