web applications - Subtle software security bugs in webapps


I am researching the capabilities of static analysis and at the moment I am in the process of collecting code snippets that are

    $url = htmlspecialchars($_GET["url"]);
    echo "<a href=$url>Click here to continue</a>";

    $url = htmlspecialchars($_GET["url"]);
    echo "<a href='$url'>Click here to continue</a>";

    $filename = $_GET["filename"];
    $securefile = str_replace("../", "", $filename);
    include("home/test/traveler/" . $securefile . ".php");

Obviously, the first two are XSS and the last one is arbitrary file inclusion. Can you provide me with more examples like these? The language would preferably be PHP, Java, C# or VB, but if you have examples in other languages, that is fine too.

BTW, this is not a game of bypassing the analyzer with nifty tricks, but a global analysis of what is and what is not detected by various analyzers, so code obscured to fool the analyzer is not what I am looking for.

Another example

    $query = mysql_real_escape_string($_GET["id"]);
    mysql_query("SELECT * FROM PRODUCTS WHERE id=" . $query);

or

    $safeVal = htmlspecialchars($_GET['val']);
    echo "<a href='#' $safeVal>click here</a>";

Cases where escaping or other measures are used, but there is still a vulnerability:

  • utf8_decode xml_utf8_decode vuln
  • escapeshellcmd() considered harmful?
  • file_exists() silently truncates after a null byte
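
The `htmlspecialchars` snippets above differ only in where the variable lands inside the tag, so an analyzer has to classify that output context before it can judge the escaping. The sketch below is an added example, not code from the question or its answers; `classify`, `findings` and the finding names are hypothetical, and the regex-based tag scan is a simplification, not a real HTML parser.

```python
import re

URL_ATTRS = {"href", "src", "action", "formaction"}
# Attribute value still open inside a quote:  name='...   or  name="...
QUOTED = re.compile(r"""([\w-]+)\s*=\s*(['"])(?:(?!\2).)*$""", re.S)
# Attribute value started without a quote:  name=...
UNQUOTED = re.compile(r"""([\w-]+)\s*=\s*[^\s'">]*$""")

def classify(template, var):
    """Return (context, attribute) for the first use of `var` in an HTML string."""
    before = template[:template.index(var)]
    lt, gt = before.rfind("<"), before.rfind(">")
    if lt <= gt:
        return "text", None                      # between tags
    tag = before[lt:]
    m = QUOTED.search(tag)
    if m:
        kind = "single-quoted" if m.group(2) == "'" else "double-quoted"
        return kind, m.group(1).lower()
    m = UNQUOTED.search(tag)
    if m:
        return "unquoted", m.group(1).lower()
    return "attribute-name", None                # free position inside the tag

def findings(template, var, ent_quotes=False):
    """List reasons htmlspecialchars() alone does not make `var` safe here.

    ent_quotes=False models ENT_COMPAT (the default before PHP 8.1), which
    encodes & < > " but leaves the single quote untouched.
    """
    ctx, attr = classify(template, var)
    out = []
    if ctx == "unquoted":
        out.append("UNQUOTED_ATTR_VALUE")        # whitespace is not encoded
    elif ctx == "single-quoted" and not ent_quotes:
        out.append("SINGLE_QUOTE_NOT_ENCODED")
    elif ctx == "attribute-name":
        out.append("ATTR_NAME_POSITION")         # no delimiter confines the value
    if attr in URL_ATTRS:
        out.append("URL_SCHEME_NOT_VALIDATED")   # encoding does not check the scheme
    return out

# The three echo strings from this page, used as constructed input.
SNIPPETS = {
    "unquoted href": ("<a href=$url>Click here to continue</a>", "$url"),
    "single-quoted href": ("<a href='$url'>Click here to continue</a>", "$url"),
    "bare in tag": ("<a href='#' $safeVal>click here</a>", "$safeVal"),
}

if __name__ == "__main__":
    for name, (tpl, var) in SNIPPETS.items():
        print(f"{name:20} {classify(tpl, var)[0]:15} {findings(tpl, var)}")
```

Passing `ent_quotes=True` clears the single-quote finding for the second snippet but leaves `URL_SCHEME_NOT_VALIDATED`, because entity encoding never inspects the URL itself.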
