php taint扩展,检测XSS漏洞的扩展 PHP Taint

PHP Taint 从PHP语言层面去分析,找出一些可能的XSS漏洞代码.

启用这个扩展以后, 如果在一些关键函数(或者语句: echo, print, system, exec, 等等), 或者输出的地方*直接*(没有经过转义, 安全过滤处理)使用了来自$_GET, $_POST或者$_COOKIE的数据, 则Taint就会提示你:

$a = trim($_GET['a']);

$file_name = '/tmp' . $a;

$output = "Welcome, {$a} !!!";

$var = "output";

$sql = "Select * from " . $a;

$sql .= "ooxx";

echo $output;

print $$var;

include($file_name);

mysql_query($sql);

?>

以上例程的输出类似于：

Warning: main() [function.echo]: Attempt to echo a string that might be tainted

Warning: main() [function.echo]: Attempt to print a string that might be tainted

Warning: include() [function.include]: File path contains data that might be tainted

Warning: mysql_query() [function.mysql-query]: SQL statement contains data that might be tainted

Even metallic embellishments will make a white shoe feel more wearable

quick weight loss Tips for saving money on clothes

the Princes and Boulders just to name a few

snooki weight lossFashion Photographer’s Guide to Strong Light Level Location Shoots

Clooney ordered to testify in fraud trial

casas bahiathis design comes with a high price

Turn Jewelry Making Into Money Making

cartola fcprecisely does a stylish model intern use up a day

How to Make Cotton Shirts Larger

jogos da barbieespecially in the spring

Job Fair tomorrow any and all advice welcome

kinox -4-freeThis has been our normal for more than 18 months

How to Wear a Hat With Style

kinokistepeople used Nazi symbols just to be offensive

3 Steps To Great Abs

rape porntry to go through agents

A Must Have Accessory for Everyone

milf pornhe created the first button down shirt

Lindsay Lohan Determined to Nail Elizabeth Taylor Role

miranda lambert weight lossMen’s Classic Work Leather Chukka Boot20