htshells | Libc
---|---
2 | 4
975 | 6
- | -
0.0 | 0.0
about 2 years ago | about 4 years ago
Shell | C
GNU General Public License v3.0 only | GNU General Public License v3.0 or later
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
htshells
- Independently secure, together not so much - a story of 2 WP plugins
If you've got the ability to write .htaccess files, you pretty much already have RCE and do not need additional upload vulnerabilities. See https://github.com/wireghoul/htshells for some fun examples.
- Null
Found some GitHub issues [1] with something similar: an enterprise firewall blocking a repo because it contained the string "arglebargleglopglyf" [2] in some tests.
The text was flagged as malicious because of its presence in the repo github.com/wireghoul/htshells [3]. However, the whole point of the word in the htshells repo is that it's an invalid command that breaks Apache, so it could have been almost any random string.
[1] https://github.com/search?q=arglebargleglopglyf&type=issues
[2] https://mume.org/help/arglebargle
[3] https://github.com/wireghoul/htshells/blob/master/dos/apache...
Libc
- Setenv Is Not Thread Safe and C Doesn't Want to Fix It
- Getaddrinfo() on glibc calls getenv(), oh boy
Doesn't musl have the same issue? https://github.com/JuliaLang/julia/issues/34726#issuecomment...
I also wonder about OSX's libc. Newer versions seem to have some sort of locking https://github.com/apple-open-source-mirror/Libc/blob/master...
but older versions (from 10.9) don't have any locking: https://github.com/apple-oss-distributions/Libc/blob/Libc-99...
- Regex and gcc versions
- Null
All three are probably using glibc, which does that, yes. On Darwin Apple’s libc prints “(null)”: https://github.com/apple-open-source-mirror/Libc/blob/5e566b.... I should also note that passing a non-null pointer to printf is the only correct way to use it ;)
What are some alternatives?
FlameCord - The ultimate antibot BungeeCord and Waterfall fork for a Secure and Fast Minecraft or Spigot Network. FlameCord protects your server from bot attacks and exploits with its antibot features. FlameCord also fixes bugs, improves performance and adds new functionalities. Download FlameCord now.🔥
musl - unofficial musl mirror git://git.musl-libc.org/musl
fancy-index - A responsive Apache index page.
go - The Go programming language
wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Libc
ImgBackdoor - Hide your payload into .jpg file
big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
hack - Kubernetes security and vulnerability tools and utilities.
src - Automatic conversion of the NetBSD src CVS module, use with care. Please submit bugs/changes via https://gnats.netbsd.org
GovCMS7 - Current stable release of the main Drupal 7 GovCMS distribution, with releases mirrored at https://www.drupal.org/project/govcms
glibc - Unofficial mirror of sourceware glibc repository. Updated daily.