downloads | documentation | faq | getting help | mailing lists | licenses | wiki | reporting bugs | php.net sites | conferences | my php.net

search for in the

Installazione/Configurazione> <Taint
[edit] Last updated: Fri, 17 May 2013

view this page in

Introduzione

Taint is an extension, which is used for detecting XSS codes(tainted string). And also can be used to spot sql injection vulnerabilities, and shell inject, etc.

When taint is enabled, if you pass a tainted string (comes from $_GET, $_POST or $_COOKIE) to some functions, taint will warn you about that.

Example #1 Taint()example

<?php
$a trim($_GET['a']);

$file_name '/tmp' .  $a;
$output    "Welcome, {$a} !!!";
$var       "output";
$sql       "Select *  from " $a;
$sql      .= "ooxx";

echo $output;

print $$var;

include($file_name);

mysql_query($sql);
?>

Il precedente esempio visualizzerĂ  qualcosa simile a:

Warning: main() [function.echo]: Attempt to echo a string that might be tainted

Warning: main() [function.echo]: Attempt to print a string that might be tainted

Warning: include() [function.include]: File path contains data that might be tainted

Warning: mysql_query() [function.mysql-query]: SQL statement contains data that might be tainted


add a note add a note User Contributed Notes Introduzione - [0 notes]
There are no user contributed notes for this page.

 
show source | credits | stats | sitemap | contact | advertising | mirror sites