
Re: Simple PHP scanning ..: msg#00019

Subject: Re: Simple PHP scanning ..
Steve Kemp wrote:
>   There are three types of attack that come up often
>  in the PHP world:
> 
>       * File inclusion errors.
>       * XSS attacks.
>       * SQL Injection attacks.
> 
>   The first and the last should be simple to detect
>  via a simple script, just by looking for patterns
>  such as:
> 
>       include( $ );

Ok the script parses *include* so include_once is checked. But don't
forget require and require_once! :)

> 
>   and :
> 
>       mysql_query( $ .. );

Not so simple, because most PHP applications use their own mysql
classes and you will see mysql_query only a few times... I think that the
best thing is to check for "SELECT .. $ .. " and "WHERE .. $ .." even if one
SQL query can be split across multiple lines.

There's another common PHP bug: command execution. The best thing is to
check common functions like:

passthru $
exec $
shell_exec $
popen $
system $
` $

(did I forget something? :)

Bye
 Gerardo
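
The checks discussed in this message (include/require with a variable, SELECT/WHERE strings that contain a variable even when split over lines, and the listed command execution functions), combined into one heuristic scanner. This is an added example, not code from the thread or from the script it refers to; `PATTERNS`, `scan_php` and the sample PHP source are constructed for illustration.

```python
import re

# Heuristic patterns built from the checks named in the thread. Each flags a
# statement where a PHP variable ($name) appears before the terminating ';'.
PATTERNS = {
    # include, include_once, require, require_once with a variable argument
    "file-inclusion": re.compile(
        r"\b(?:include|require)(?:_once)?\b\s*\(?[^;]*?\$\w+", re.I),
    # SELECT or WHERE followed by a variable; [^;] also matches newlines,
    # so a query split over several lines is still caught
    "sql-injection": re.compile(r"\b(?:SELECT|WHERE)\b[^;]*?\$\w+", re.I),
    # the command execution functions listed in the message
    "command-exec": re.compile(
        r"\b(?:passthru|exec|shell_exec|popen|system)\s*\([^;]*?\$\w+", re.I),
    # backtick operator with a variable inside it
    "command-exec-backtick": re.compile(r"`[^`]*\$\w+[^`]*`"),
}

def scan_php(source):
    """Return sorted (line_number, category) pairs, one per suspicious match."""
    findings = set()
    for category, pattern in PATTERNS.items():
        for match in pattern.finditer(source):
            # line on which the flagged statement starts
            line = source.count("\n", 0, match.start()) + 1
            findings.add((line, category))
    return sorted(findings)

# Constructed sample input, not taken from any real application.
SAMPLE = r'''<?php
include("header.php");
require_once($_GET['page'] . ".php");
$sql = "SELECT name FROM users
        WHERE id = " . $id;
$db->query($sql);
system("ping -c 1 " . $host);
$out = `ls $dir`;
echo htmlspecialchars($name);
'''

if __name__ == "__main__":
    for line, category in scan_php(SAMPLE):
        print(f"line {line}: possible {category}")
```

The matches are candidates for manual review only: a variable that is validated or escaped before use is still flagged, and a word such as "where" in a comment can produce a false positive.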

