Friday, April 16, 2010

Vulnerable Sites Database: More Intrusion as a Service

Last year I blogged about Shodan, and today thanks to Team Cymru I learned of the latest evolution of Intrusion as a Service. It's called the Vulnerable Sites Database.

According to the site, to be listed as a vulnerable site a submitter must provide "1. site name 2. vulnerability or JPG proof." This reminds me of a Web defacement archive where the submitter demonstrates having defaced a Web site, but here we get details like "local file inclusion" or "SQL injection."

All we need now is to pair the search capability of a site like Shodan with the vulnerability data for an entire site as provided by the Vulnerable Sites Database. How about a cross-reference against sites currently whitelisted by Web proxy providers and others who use reputation to permit access? Something like:

Select sites where the reputation is GOOD, that are hosted in the US, and are vulnerable to SQL injection?

Next, exploit vulnerable sites and use them for hosting malware, acting as command and control servers, and so on.

While neat, I thought Shodan was dangerous enough to attract LE attention and be shut down. I wonder how long it will last. A site like I just described would probably really cross the line. I hope.

Update: Thanks to @jeremiahg for pointing me towards


Bob said...

Even if this website cannot be acknowledged morally at this point, it still is a good source of information and evidence on vulnerabilities. This could actually be used for constructive security research.

theprez98 said...

I'm still willing to take a bet on a SHODAN shut-down date. ;-)