
docs for crlf and code injection (#194)

rnehra01 authored and afeena committed Aug 22, 2017
1 parent 4e3e4ae commit d2bea46dd3588f30bd95c447f301fd72de00b9ea
Showing with 13 additions and 1 deletion.
  1. +13 −1 docs/source/emulators.rst
@@ -82,11 +82,23 @@ It emulates `Command Execution`_ vulnerability. This attack is detected with pat
* The ``command`` is executed in a docker container safely.
* Results from container is injected into the index page.
PHP Code Injection Emulator
It emulates `PHP code injection`_ vuln. Usually, this type of vuln is found where user input is directly passed to
functions like eval, assert. To mimic the functionality, user input is converted to the following code
``<?php eval('$a = user_input'); ?>`` and then passed to phpox to get php code emulation results.
CRLF Emulator
It emulates `CRLF`_ vuln. The attack is detected using ``\r\n`` pattern in the input. The parameter which looks suspicious
is injected as a header with parameter name as header name and param value as header value.
.. _RFI:
.. _PHPox:
.. _LFI:
.. _XSS:
.. _SQL injection:
.. _Command Execution:
.. _manual:
.. _PHP Code Injection:
.. _CRLF:
.. _manual:
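
Review bot: The CRLF Emulator paragraph says the suspicious parameter is "injected as a header with parameter name as header name and param value as header value", but it does not say how the ``\r\n`` in that value is handled when the honeypot builds its real response. Please document whether the value is written verbatim or normalized, and which input checks apply to the parameter name before it becomes a header name. The PHP Code Injection paragraph has a similar gap. The Command Execution bullets above state that the command "is executed in a docker container safely", while this paragraph only says the code is "passed to phpox". Please add a sentence on where phpox evaluates the input and how quotes in ``user_input`` are treated when it is placed into ``eval('$a = user_input')``. As a style point, both new paragraphs use "vuln", whereas the existing section spells out "vulnerability"; spelling it out would keep the page consistent.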
