
SANS ISC: InfoSec Handlers Diary Blog - Vulnerable Sites Database


Vulnerable Sites Database

Published: 2010-04-26
Last Updated: 2010-04-26 16:50:26 UTC
by Raul Siles (Version: 1)

Besides other common sources of real security vulnerabilities made public, such as the full-disclosure mailing-list, (well known for the publication of web defacement and vulnerabilities), or the (that publishes websites that are vulnerable to Cross-Site Scripting, XSS), a new website saw the light this month: the Vulnerable Sites Database (

This disclosure repository publishes web server and web application vulnerabilities, such as Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL Injection (SQL), Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Directory Traversal, etc. The site says they practice "Responsible disclosure no details are made public (details of vulnerabilities are privately reported to developer or web site owners).", so entries carry only limited details about the vulnerability, but the site is definitely becoming a new wall of shame. It is a new place to keep an eye on and try not to show up in the picture.

Although similar initiatives existed in the past and then disappeared, and although it is too soon to confirm, for now the site remains very active, with multiple daily entries.

Raul Siles
Founder and Senior Security Analyst with Taddong
