-
big-list-of-naughty-strings
The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
-
GovCMS7
Discontinued. Current stable release of the main Drupal 7 GovCMS distribution, with releases mirrored at https://www.drupal.org/project/govcms (by govCMS)
People like that are the reason why this list was created
https://github.com/minimaxir/big-list-of-naughty-strings/blo...
All three are probably using glibc, which does that, yes. On Darwin Apple’s libc prints “(null)”: https://github.com/apple-open-source-mirror/Libc/blob/5e566b.... I should also note that passing a non-null pointer to printf is the only correct way to use it ;)
Found some GitHub issues [1] with something similar: an enterprise firewall blocking a repo because it contained the string "arglebargleglopglyf" [2] in some tests.
The text was flagged as malicious because of its presence in the repo github.com/wireghoul/htshells [3]. However, the whole point of the word in the htshells repo is that it's an invalid command that breaks Apache, so it could have been almost any random string.
[1] https://github.com/search?q=arglebargleglopglyf&type=issues
[2] https://mume.org/help/arglebargle
[3] https://github.com/wireghoul/htshells/blob/master/dos/apache...
https://github.com/govCMS/govCMS7/commit/ab5da5fd0cb3d7e1d33...