--exploits flag not working ? #18

LucasDemea · 2021-03-03T12:51:40Z

Hi, thanks for this amazing tool !
When I try to run a scan with the --exploits flags, it seems it is not working as intended :

This is the command I enter :

php scanner web/app/ --exploits="double_var2"

I get :

Exploit to search: double_var2 Start scanning...

And then :

Evil code found: [!] Function (create_function) [line 61] - Potentially dangerous function 'create_function'

Shouldn't I get only double_var exploits detection ?
Am I missing something ?

The text was updated successfully, but these errors were encountered:

Ref: #18

marcocesarato · 2021-03-03T13:50:35Z

Hi, thank for your support and for reporting this issue.
You need to add also php scanner web/app/ --exploits="double_var2" --only-exploits but I checked and --only-exploits/--only-functions/--only-signatures flags was bugged because about 1 month ago the check system changed so some limitations didn't work anymore.
Fixed on 0.8.3.
Let me know if is fixed also for you.

LucasDemea · 2021-03-03T19:27:35Z

It is working now. Thank you !

marcocesarato added the bug Something isn't working label Mar 3, 2021

marcocesarato pushed a commit that referenced this issue Mar 3, 2021

fix(modes): only exploits, functions and signatures modes

d901f7b

Ref: #18

LucasDemea closed this as completed Mar 3, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

--exploits flag not working ? #18

--exploits flag not working ? #18

LucasDemea commented Mar 3, 2021

marcocesarato commented Mar 3, 2021

LucasDemea commented Mar 3, 2021

--exploits flag not working ? #18

--exploits flag not working ? #18

Comments

LucasDemea commented Mar 3, 2021

marcocesarato commented Mar 3, 2021

LucasDemea commented Mar 3, 2021