mailing list archives
Insecurity Stats via Google Code Search
From: Gadi Evron <ge () linuxbox org>
Date: Sun, 8 Oct 2006 03:21:39 -0500 (CDT)
This isn't terribly shocking, and seems rather preliminary. Still,
Jose Nazario worked out some numbers using the Google code search.
some stats based on simple queries used to find bugs (ie based on some
reasonable regular expressions):
* strcpy from argv[x]: about 7,000
* strcat from argv[x]: about 1,000
* PHP-based remote file include vulns: 117 or so using GET, 100 or so
* PHP-based SQL injection vulns:
o SELECT: about 600 using GET, about 500 using POST vars
o UPDATE: about 200 using GET, about 400 using POST vars
o DELETE: about 300 using GET, about 300 using POST vars
* PHP-based XSS vulns (it is the summer of file include, SQL injection
and XSS on bugtraq): about 2700
o about 200 based on the info sent outside of the POST vars or
the URL requested (ie User-Agent fun)
o an additional 100 based on COOKIE variables ...
* *printf-based buffer overflows? about 202,000 possible, hopefully
* about 50 format string vulns revealed
* off-by-ones (as pointed out by aaron@)? about 300.
* CreateFileMapping NULL Security (using Ollie's idea but adjusted for
google codesearch): about 400
I also keep updating every search pattern I find, here:
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Insecurity Stats via Google Code Search Gadi Evron (Oct 08)