@buherator sharing $c over the network which included the Internet back then.
@buherator self-replicating virii come to mind, and I feel that format string bugs got rarer
@buherator php injections into system() and include()?
@buherator With the exception of recent Qualys findings, userland LPEs seem less common now (setuid bins, etc.)? This could be explained by the "recent" hegemony of Linux, even though @raptor has fun with Solaris from time to time.
@buherator Word macro viruses? 🤔
"I love you" was the plague of the time, and in my spam folder I haven't seen those for quite some time..
@buherator @freddy It’s always been an old-school bug class for me, but I wasn’t around in the 90s so it could be "artificial" nostalgia :D
@buherator all things eval() and friends in any interpreted language.
@buherator the year 2000 bugs are all mitigated by now. Wait... 🤣
@buherator @swapgs 20+ years ago, you could scan a network, identify some software in use, download it, reverse it if it wasn’t open source, audit it for security vulnerabilities, write an exploit and hack your target in a few days/weeks.
Now, I think it’s harder. I’d say mostly because of mitigations; I don’t believe developers got any better, although some common software has become more mature and robust.
Luckily (for attackers) there are still security appliances that are easy to exploit 😜
@buherator For me it's the unauth remotely exploitable shit that's getting harder to find; credentials, however, are easier to obtain these days, and authenticated attacks on software are still everywhere and useful for getting into infra.
@buherator IMHO fs path traversals are still a thing
@joern @buherator It's tough to think of one that _isn't_ memory corruption (Windows SEH pop/pop/ret, easy heap exploits due to lack of DEP/ASLR, etc). Everything else is still out there in some form (missing auth, embedded credentials, SQL injection, even format strings for info-leaks).
@buherator @hdm Stuff gets better in general I think. Just by programming languages making better choices, e.g. AFAIK in Go you don’t have a built-in system method which does sh -c $USERINPUT. Another example is Ruby’s ReDoS defenses shipped in 3.2.
@buherator @hdm since the media hype around ZIP traversals those were addressed at large in frameworks/languages.
@buherator Well, comparing to the early days of PHP is kinda unfair :D. Things have generally evolved, and we have a huge security industry nowadays with all kinds of silver bullets
@buherator File upload into the webroot accepting (e.g.) .php files, leading to RCE.
@buherator I'd argue that if SQLi fits your bill, then *XSS should be there as well, at least in my experience. Modern frameworks generally do a good job of mitigating both vuln classes with default settings, and usually require the dev to explicitly disable the safeguards in order to fuck it up.
@joern @buherator flipping the question around, what bug classes have become more common? (excluding LLM prompt injection) -- maybe HTTP desyncs?
@buherator Despite it being a solved problem, SQL injection is still extremely common, because developers who paste strings together into SQL queries are still extremely common.
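The string-pasting query from the post above, beside the parameterized form, as an added example that is not part of the thread. It runs against a constructed in-memory SQLite table so it executes offline; the table, the users and the payload are made up for the demo.

```python
"""Added example (not from the thread): a login lookup built by pasting
strings into SQL, next to the same lookup with bound parameters.
The users table and its rows are constructed for this demo."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory table standing in for a real users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hunter2"), ("bob", "secret")],
    )
    return conn


def login_unsafe(conn: sqlite3.Connection, user: str, pw: str) -> list[str]:
    """The bug: user-controlled text becomes part of the SQL grammar.
    pw = "' OR '1'='1" turns the WHERE clause into
    name = '...' AND pw = '' OR '1'='1', which matches every row."""
    sql = f"SELECT name FROM users WHERE name = '{user}' AND pw = '{pw}' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn: sqlite3.Connection, user: str, pw: str) -> list[str]:
    """Bound parameters: the driver sends values separately from the
    statement, so quotes in the input never reach the SQL parser."""
    sql = "SELECT name FROM users WHERE name = ? AND pw = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (user, pw))]


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"   # classic tautology payload, constructed for the demo
    print("unsafe, real creds :", login_unsafe(db, "alice", "hunter2"))
    print("unsafe, payload    :", login_unsafe(db, "nobody", payload))
    print("safe, real creds   :", login_safe(db, "alice", "hunter2"))
    print("safe, payload      :", login_safe(db, "nobody", payload))
```

The unsafe version still "works" for honest input, which is exactly why it survives code review; only the payload run shows the difference. Python's sqlite3 also refuses to run more than one statement per `execute()`, so a stacked `; DROP TABLE` would fail here, but that is an accident of the driver, not a defense, and the tautology above needs no second statement.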
@buherator @swapgs @freddy In the early 2000s almost every consumer router had an admin interface with a trivial injection in the ping diagnostic page.
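The router ping-page injection described in the post above, and the earlier remark about a system call that does sh -c $USERINPUT, as one added example that is not part of the thread. It shows the command-line pasting bug beside a version that validates the host and passes argv without a shell. `echo` stands in for the real `ping` binary so it runs offline, and the hostnames and payload are constructed for the demo; the hostname regex is an assumption about what a diagnostic page should accept.

```python
"""Added example (not from the thread): a 'ping diagnostic' handler done the
early-2000s way, beside a hardened one. `echo` replaces `ping` so nothing
touches the network; inputs below are constructed for the demo."""
import ipaddress
import re
import subprocess

# Assumed allow-list for a diagnostic page: dotted labels of alnum/hyphen,
# no leading/trailing hyphen, 253 chars max. Not IDN-aware on purpose.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def is_valid_host(host: str) -> bool:
    """True for a literal IPv4/IPv6 address or a plain hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        pass
    return bool(_HOSTNAME_RE.match(host))


def ping_unsafe(host: str, binary: str = "echo") -> str:
    """The classic bug: the request parameter is pasted into a shell string.
    A ';' in `host` terminates the ping command and starts another one."""
    cmd = f"{binary} -c 1 {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def ping_safe(host: str, binary: str = "echo") -> str:
    """Validate against the allow-list, then hand argv to the process
    directly: no shell ever parses `host`, so ';', '|', '$(...)' are inert."""
    if not is_valid_host(host):
        raise ValueError(f"rejected host: {host!r}")
    proc = subprocess.run([binary, "-c", "1", host], capture_output=True, text=True)
    return proc.stdout


if __name__ == "__main__":
    payload = "127.0.0.1; echo INJECTED"   # constructed injection payload
    print(ping_unsafe(payload), end="")    # second output line is INJECTED
    try:
        ping_safe(payload)
    except ValueError as err:
        print(err)
    print(ping_safe("192.0.2.1"), end="")
```

Passing argv instead of a shell string is what removes the bug; the allow-list is there so that a host beginning with `-` cannot become an extra option to the binary (argument injection), which the argv form alone does not prevent.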
@raptor @buherator @swapgs everything in a case sold as an appliance running kernel 2.6 and php 5 helps too, I bet :D