New Tool Released: MD-Webscan
Posted by LinuxSecurity.com Team
A small utility released to help administrators check for common CGI vulnerabilities. You can download it here.
"This is a little utility I wrote because I got annoyed when Mixter was interviewed by the BBC and yet I'd seen how badly written his webscan.c was. The main complaint I had was the particular way in which the vulnerabilities were added to the file. There were two big huge arrays of char *'s (100 char *'s each) which had in them the request and the human name, respectively. There's all sorts of problems with this, namely that you can't as easily and assuredly add in new vulnerability checks. After all, what happens when you want to add vulnerability number 101? Most likely, you'd just add in request[101] = "whatever"; and name[101] = "whatever". Then, when you ran the program, it would segfault and core dump. Plus, his way wasted memory, which is a pretty bad way of doing things. And it wasn't really configurable enough. The list goes on and on."
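
The failure described in the quote, a 101st entry written past the end of two fixed 100-element arrays, does not arise when each check is a single record in a table that grows on demand and is read through a bounds-checked accessor. The following is an added example, not code from MD-Webscan or webscan.c; the struct and function names are hypothetical and the entries are constructed placeholders.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One record per check keeps each request next to its human-readable name. */
struct check { char *request; char *name; };
struct check_table { struct check *items; size_t len, cap; };

static char *dup_str(const char *s) {
    char *p = malloc(strlen(s) + 1);
    return p ? strcpy(p, s) : NULL;
}

/* Append a check, doubling capacity when full. Returns 0, or -1 if out of memory. */
int table_add(struct check_table *t, const char *request, const char *name) {
    if (t->len == t->cap) {
        size_t ncap = t->cap ? t->cap * 2 : 16;
        struct check *grown = realloc(t->items, ncap * sizeof *grown);
        if (grown == NULL) return -1;      /* old table is still valid */
        t->items = grown; t->cap = ncap;
    }
    char *r = dup_str(request), *m = dup_str(name);
    if (r == NULL || m == NULL) { free(r); free(m); return -1; }
    t->items[t->len++] = (struct check){ r, m };
    return 0;
}

/* Bounds-checked lookup: NULL rather than a read past the end of the table. */
const struct check *table_get(const struct check_table *t, size_t i) { return i < t->len ? &t->items[i] : NULL; }

void table_free(struct check_table *t) {
    for (size_t i = 0; i < t->len; i++) { free(t->items[i].request); free(t->items[i].name); }
    free(t->items);
    *t = (struct check_table){ 0 };
}

/* Load n constructed entries; return how many were stored, or -1 on failure. */
long load_constructed(size_t n) {
    struct check_table t = { 0 };
    char req[64];
    for (size_t i = 0; i < n; i++) {
        snprintf(req, sizeof req, "/placeholder-%zu", i);  /* constructed, not a real check */
        if (table_add(&t, req, "constructed check") != 0) break;
    }
    long stored = (t.len == n && table_get(&t, n) == NULL) ? (long)t.len : -1;
    table_free(&t);
    return stored;
}

int main(void) { printf("%ld checks loaded\n", load_constructed(102)); return 0; }
```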
