Hanno's blog

Hanno's Blog

Entries tagged as code

Related tags

Thursday, October 18. 2007

freewvs released

One of the biggest threats in computer security today are web applications. There's a vast number of issues found in popular web apps, mostly cross site scripting, cross site request forgery and sql injection. For a long time I had the idea of a tool scanning through webroots and looking for popular web applications, comparing them with a database of their latest security issues. In the past weeks, I finaly managed to get some code done.

It's a quite simple python-script (don't cry about the source quality, I haven't done real coding for ages), together with a database of some popular applications. I'm looking forward to hear feedback. The usage is simple, just do something like this:
freewvs /home/joe/websites/foo /home/guest/websites/bar
Typical output looks like this:
WebsiteBaker 2.4.3 (2.6.5) CVE-2007-0527 /home/hanno/freewvs/test/websitebaker
Drupal 5.1 (5.3) CVE-2007-5416 /home/hanno/freewvs/test/drupal
PhpWebGallery 1.5.1 () CVE-2007-5012 /home/hanno/freewvs/test/phpwebgallery
Mostly self explaining. The found app at the beginning, the version where the issue was fixed in brackets, the CVE-ID (or some other vulnerability id, in doubt an URL) and the path.

The biggest work to do is probably to get more applications added to the database and to keep the database updated. It's format is pretty self-explaining, so I'm waiting for your patches.

Get it here: https://freewvs.schokokeks.org/
Posted by Hanno Böck in Code, English, Linux, Security at 19:04 | Comments (3) | Trackbacks (0)
Defined tags for this entry: , , , , , ,

Friday, September 29. 2006

PHP braindamage

Okay, I knew PHP isn't the most well-designed language in the world. I knew it grew up from a hobbyist language and that it is used for things today it never was meant for. I knew that it's function names sometimes aren't very intuitive.
But today I started to hate it. Now, beside various other strange things, this one let's me wonder which drugs the person that implemented this was consuming:

PHP is, by design, syntactical similar to C, meaning it has curly brackets, same comment syntax, same syntax for if, for and other basic commands. Now, one would probably think that a function named the same in C and PHP would do the same. Or at least something similar.
Due to the fact that C is very low-level, it has a function called sizeof() that gives you the amount of bytes a variable type uses in memory. E. g., an integer is the basic type of the current architecture, not always the same size (4 byte on i386, 8 byte on amd64). With sizeof() you can get the size of the type.
Now, I was looking for a function to get the number of elements in an array. I searched and found, well, sizeof(). Which I couldn't really believe. Due to the abstract structure of PHP, it seemed quite impossible to me to have something like sizeof() in php. It really gives you the number of elements in an array.
Posted by Hanno Böck in Code, English at 02:40 | Comments (6) | Trackbacks (0)
Defined tags for this entry: , , , ,
(Page 1 of 1, totaling 2 entries)

About

This blog is written by Hanno Böck. Unless noted otherwise, its content is licensed as CC0.

You can find my web page with links to my work as a journalist here.

I am also publishing a newsletter about climate change and decarbonization technologies.

The blog uses the free software Serendipity and is hosted at schokokeks.org.

Hanno on Mastodon | Contact / Imprint | Privacy / Datenschutz