Could PHANTM be modified to detect SQL and XSS injection attacks by having separate types for different strings? If a mysql_query() gets a string that isn't SQL safe, it's counted as an error. Similarly if an echo or print statement gets a string that isn't HTML safe.
htmlentities() should return HTML safe strings. mysql_real_escape() should return SQL safe strings. Hard coded strings should be considered safe as both SQL and HTML until they are concatenated with something that isn't.
PHP-sat detects this kind of thing, but only works on old PHP 4 code, and it doesn't do the other stuff that PHANTM does.
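An added illustration of the scheme the post proposes, written for this page in Python; it is not Phantm's code and not the issue author's. Each string expression carries a set of safety labels, hard-coded literals carry both, the two sanitisers named in the post each yield one label, concatenation keeps only the labels shared by both operands, and a sink reports an error when the label it demands is missing. The sanitiser table, the sink table and the sample program are assumptions constructed for the example (the PHP function is spelled mysql_real_escape_string here, its actual name); a real checker would make both tables configurable and would also need to track assignments to variables, which this toy skips.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Union

SQL = "SQL"
HTML = "HTML"
ALL = frozenset({SQL, HTML})          # hard-coded literals are safe for both
NONE: FrozenSet[str] = frozenset()    # untrusted input is safe for neither


@dataclass
class Lit:
    """A hard-coded string literal, e.g. 'SELECT 1'."""
    text: str


@dataclass
class Input:
    """An untrusted value such as $_GET['id']."""
    name: str


@dataclass
class Call:
    """A call whose single argument is a string, e.g. htmlentities($x)."""
    fn: str
    arg: "Expr"


@dataclass
class Concat:
    """PHP's '.' operator."""
    left: "Expr"
    right: "Expr"


Expr = Union[Lit, Input, Call, Concat]

# Assumed policy (constructed for this example, not Phantm's): the label
# each sanitiser guarantees for its result.
SANITIZERS = {
    "htmlentities": frozenset({HTML}),
    "mysql_real_escape_string": frozenset({SQL}),
}

# Assumed policy: the label each sink demands of its argument.
SINKS = {"mysql_query": SQL, "echo": HTML, "print": HTML}


def safety(e: Expr) -> FrozenSet[str]:
    """Infer the set of safety labels an expression carries."""
    if isinstance(e, Lit):
        return ALL
    if isinstance(e, Input):
        return NONE
    if isinstance(e, Call):
        # A sanitiser yields exactly the label it guarantees (it does not
        # inherit its input's labels); an unknown function is treated as
        # returning an unsafe string, the conservative choice.
        return SANITIZERS.get(e.fn, NONE)
    if isinstance(e, Concat):
        # Concatenation keeps only the labels both operands share, so one
        # unsafe piece poisons the whole string.
        return safety(e.left) & safety(e.right)
    raise TypeError(f"unknown expression {e!r}")


@dataclass
class Stmt:
    """A call to a sink with one string argument."""
    fn: str
    arg: Expr


def check(program: List[Stmt]) -> List[str]:
    """Return one error message per sink that receives an unsafe string."""
    errors = []
    for lineno, stmt in enumerate(program, start=1):
        need = SINKS[stmt.fn]
        if need not in safety(stmt.arg):
            errors.append(f"line {lineno}: {stmt.fn}() given a string that is not {need}-safe")
    return errors


# Constructed sample standing in for a parsed PHP file:
#  1: mysql_query("SELECT * FROM u WHERE id='" . $_GET['id'] . "'");                           unsafe
#  2: mysql_query("SELECT * FROM u WHERE id='" . mysql_real_escape_string($_GET['id']) . "'"); ok
#  3: echo "<b>" . htmlentities($_GET['name']) . "</b>";                                       ok
#  4: echo "<b>" . mysql_real_escape_string($_GET['name']) . "</b>";                           unsafe (wrong sanitiser)
#  5: echo "<p>static</p>";                                                                    ok
SAMPLE = [
    Stmt("mysql_query", Concat(Concat(Lit("SELECT * FROM u WHERE id='"), Input("$_GET['id']")), Lit("'"))),
    Stmt("mysql_query", Concat(Concat(Lit("SELECT * FROM u WHERE id='"),
                                      Call("mysql_real_escape_string", Input("$_GET['id']"))), Lit("'"))),
    Stmt("echo", Concat(Concat(Lit("<b>"), Call("htmlentities", Input("$_GET['name']"))), Lit("</b>"))),
    Stmt("echo", Concat(Concat(Lit("<b>"), Call("mysql_real_escape_string", Input("$_GET['name']"))), Lit("</b>"))),
    Stmt("echo", Lit("<p>static</p>")),
]

if __name__ == "__main__":
    for err in check(SAMPLE):
        print(err)
```

Line 4 of the sample is the case worth noticing: the string has been through a sanitiser, but the wrong one for the sink, and a single "tainted or not" bit would have passed it. Keeping separate labels per sink class is exactly what catches it.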
Yes, the change you're mentioning is definitely possible, and we in fact thought about several approaches to making Phantm detect such vulnerabilities.
Would you have an immediate use for this functionality? Ideally, we would love to hear about evaluation results, although we understand people do not always have the liberty to share such information.
Regards,
PS
CaptainEmerson pushed a commit to SoftwareEngineeringToolDemos/FSE-2010-Phantm that referenced this issue on Jun 24, 2016.