Detect backdoor in lighttpd web server: Range header triggers command execution via fork/exec with /bin/sh path built char-by-char to evade detection.
Performance
| Model | Pass Rate | Runs | Avg Cost | Avg Time |
|---|---|---|---|---|
| glm-4.7 | 33% | | $0.36 | 18m |
| gemini-3-flash-preview | 33% | | $0.40 | 5m |
| gemini-3-pro-preview | 33% | | $0.79 | 8m |
| claude-opus-4.6 | 33% | | $9.56 | 79m |
| grok-4.1-fast | 0% | | $0.02 | 3m |
| deepseek-v3.2 | 0% | | $0.08 | 15m |
| gpt-5.2-codex | 0% | | $0.28 | 4m |
| gpt-5.2 | 0% | | $0.32 | 11m |
| gpt-5 | 0% | | $0.33 | 10m |
| kimi-k2.5 | 0% | | $0.36 | 29m |
| claude-sonnet-4 | 0% | | $0.47 | 4m |
| claude-haiku-4.5 | 0% | | $0.49 | 6m |
| gemini-2.5-pro | 0% | | $0.53 | 6m |
| grok-4 | 0% | | $0.65 | 11m |
| claude-sonnet-4.5 | 0% | | $1.30 | 10m |
| claude-opus-4.5 | 0% | | $3.18 | 31m |
All product names, logos, and brands (™/®) are the property of their respective owners; they're used here solely for identification and comparison, and their use does not imply affiliation, endorsement, or sponsorship.