Insecurity Stats via Google Code Search

this isn’t terribly shocking, and seems rather preliminary. still,
very interesting.

jose nazario worked out some numbers using the google code search.

http://monkey.org/~jose/blog/viewpage.php?page=google_code_search_stats

interesting quotes:

some stats based on simple queries used to find bugs (ie based on some
reasonable regular expressions):

* strcpy from argv[x]: about 7,000
* strcat from argv[x]: about 1,000
* php-based remote file include vulns: 117 or so using get, 100 or so for post
* php-based sql injection vulns:
    o select: about 600 using get, about 500 using post vars
    o update: about 200 using get, about 400 using post vars
    o delete: about 300 using get, about 300 using post vars
* php-based xss vulns (it is the summer of file include, sql injection and xss on bugtraq): about 2700
    o about 200 based on the info sent outside of the post vars or the url requested (ie user-agent fun)
    o an additional 100 based on cookie variables …
* *printf-based buffer overflows? about 202,000 possible, hopefully less!
* about 50 format string vulns revealed
* off-by-ones (as pointed out by aaron@)? about 300.
* createfilemapping null security (using ollie’s idea but adjusted for google codesearch): about 400
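
the same idea turned on a source tree you own: a few regexes, one per bug class in the list above, run line by line over c and php source. this is an added example, not jose's queries or code from the original post; the patterns, rule names and sample files are assumptions constructed for illustration.

```python
import re
from collections import Counter

# assumed heuristics, one per bug class in the list above; these are not the
# queries behind the quoted counts, and every hit still needs manual review.
RULES = {
    "c-argv-copy": re.compile(r"\bstr(?:cpy|cat)\s*\([^,;]+,\s*argv\s*\["),
    "c-format-string": re.compile(r"\bprintf\s*\(\s*[A-Za-z_]\w*\s*\)"),
    "php-file-include": re.compile(
        r"\b(?:include|require)(?:_once)?\b[^;]*\$_(?:GET|POST)\b", re.I),
    "php-sql-injection": re.compile(
        r"[\"'][^;]*\b(?:select|update|delete)\b[^;]*\$_(?:GET|POST)\b", re.I),
    # skip output that is visibly escaped, to cut the obvious false positives
    "php-xss": re.compile(
        r"\b(?:echo|print)\b(?![^;]*htmlspecialchars)[^;]*"
        r"\$_(?:GET|POST|COOKIE|SERVER)\b", re.I),
}

def scan(source, path):
    """Return (path, line number, rule, code) for each line a rule flags."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for rule, pattern in RULES.items():
            if pattern.search(line):
                hits.append((path, lineno, rule, line.strip()))
    return hits

# constructed sample files, embedded so the example runs offline
SAMPLE_C = r"""int main(int argc, char **argv) {
    char buf[64];
    strcpy(buf, argv[1]);
    strncpy(buf, argv[1], sizeof(buf) - 1);
    printf(buf);
    printf("%s\n", buf);
}"""
SAMPLE_PHP = r"""<?php
include($_GET['page'] . ".php");
$q = "SELECT * FROM users WHERE id = " . $_GET['id'];
$safe = "SELECT * FROM users WHERE id = " . intval($id);
echo "hello " . $_COOKIE['name'];
echo htmlspecialchars($_GET['name'], ENT_QUOTES);"""

def audit_samples():
    return scan(SAMPLE_C, "sample.c") + scan(SAMPLE_PHP, "sample.php")

if __name__ == "__main__":
    hits = audit_samples()
    for path, lineno, rule, code in hits:
        print(f"{path}:{lineno}: {rule}: {code}")
    print(dict(Counter(rule for _, _, rule, _ in hits)))
```

the bounded strncpy, the literal-format printf, the intval'd query and the escaped echo are left alone, which is the gap between a "possible" count and a real one.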


i keep updating every search pattern i find here:
http://blogs.securiteam.com/index.php/archives/663

sun shine,
sunshine@beyondsecurity.com.
