-
Notifications
You must be signed in to change notification settings - Fork 790
/
Copy pathbook.xml
84 lines (71 loc) · 2.04 KB
/
book.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
<?xml version="1.0" encoding="utf-8"?>
<!-- $Revision$ -->
<book xml:id="book.taint" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
<?phpdoc extension-membership="pecl" ?>
<title>Taint</title>
<titleabbrev>Taint</titleabbrev>
<preface xml:id="intro.taint">
&reftitle.intro;
<para>
Taint is an extension, which is used for detecting XSS codes (tainted
string).
And also can be used to spot sql injection vulnerabilities, and shell
inject, etc.
</para>
<para>
When taint is enabled, if you pass a tainted string (comes from <varname>$_GET</varname>,
<varname>$_POST</varname> or <varname>$_COOKIE</varname>) to some functions, taint will warn you about that.
</para>
<example>
<title><function>Taint</function>example</title>
<programlisting role="php">
<![CDATA[
<?php
$a = trim($_GET['a']);
$file_name = '/tmp' . $a;
$output = "Welcome, {$a} !!!";
$var = "output";
$sql = "Select * from " . $a;
$sql .= "ooxx";
echo $output;
print $$var;
include $file_name;
mysql_query($sql);
?>
]]>
</programlisting>
&example.outputs.similar;
<screen>
<![CDATA[
Warning: main() [function.echo]: Attempt to echo a string that might be tainted
Warning: main() [function.echo]: Attempt to print a string that might be tainted
Warning: include() [function.include]: File path contains data that might be tainted
Warning: mysql_query() [function.mysql-query]: SQL statement contains data that might be tainted
]]>
</screen>
</example>
</preface>
&reference.taint.setup;
&reference.taint.detail;
&reference.taint.reference;
</book>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->