If you really want to hear about it, the first thing you’ll probably want to know is where I was born, and what my lousy childhood was like, and how my parents were occupied and all before they had me, and all that David Copperfield kind of crap, but I don’t feel like going into it, if you want to know the truth. In the first place, my parents would have about two hemorrhages apiece if I told anything pretty personal about them. They’re quite touchy about anything like that, especially my father. They’re nice and all – I’m not saying that – but they’re also touchy as hell.

Source code comments

1. Browser – right-click, View Source

2. Firefox plugin Firebug

Software vulnerabilities are sometimes documented within source code comments.
This often occurs because developers are aware that a particular operation is unsafe and record a reminder to fix the problem later, but never get round to it.

Example found in source code:

char buf[200]; // I hope this is big enough

strcpy(buf, userinput);

Searching source code for comments indicating common problems is frequently an effective source of low-hanging fruit.

Common search terms:

//
admin
administrator
bad
bug
code
cookie
crash
fix
hope
inject
overflow
pass
password
problem
secure
todo
trust
xss
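
A scanner for this kind of review, as an added example (not code from the original post): it extracts //, /* */ and <!-- --> comments from a file and reports those containing a whole-word keyword from the list above. The function name, the regular expressions and the sample input are constructed for illustration.

```python
import re

# Keywords from the list above ("//" is covered by the comment extraction itself).
KEYWORDS = ["admin", "administrator", "bad", "bug", "code", "cookie", "crash",
            "fix", "hope", "inject", "overflow", "pass", "password", "problem",
            "secure", "todo", "trust", "xss"]

# String literals are matched first so that "//" inside a quoted URL is not
# mistaken for a comment. This is a heuristic, not a full lexer: an apostrophe
# in plain HTML text can hide a comment later on the same line.
TOKEN = re.compile(
    r'"(?:\\.|[^"\\\n])*"'            # double-quoted string (skipped)
    r"|'(?:\\.|[^'\\\n])*'"           # single-quoted string (skipped)
    r"|(?P<line>//[^\n]*)"            # // line comment
    r"|(?P<block>/\*.*?\*/)"          # /* block comment */
    r"|(?P<html><!--.*?-->)",         # <!-- HTML comment -->
    re.DOTALL)

# Whole-word, case-insensitive match, so "pass" does not fire on "passing".
WORD = re.compile(r"\b(" + "|".join(map(re.escape, KEYWORDS)) + r")\b", re.I)

def find_flagged_comments(source):
    """Return (line number, sorted keywords, comment text) per flagged comment."""
    findings = []
    for m in TOKEN.finditer(source):
        comment = m.group("line") or m.group("block") or m.group("html")
        if not comment:
            continue  # a string literal, not a comment
        hits = sorted({w.lower() for w in WORD.findall(comment)})
        if hits:
            line_no = source.count("\n", 0, m.start()) + 1
            findings.append((line_no, hits, " ".join(comment.split())))
    return findings

# Constructed sample input mixing HTML, JavaScript and C.
SAMPLE = '''\
<!-- TODO: remove test admin account before launch -->
<script>
var api = "http://example.test/v1";  // fix: cookie is not marked secure
</script>
char buf[200]; // I hope this is big enough
strcpy(buf, userinput);
/* length is checked
   by the caller */
'''

if __name__ == "__main__":
    for line_no, hits, text in find_flagged_comments(SAMPLE):
        print(f"line {line_no}: {', '.join(hits)}: {text}")
```
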
