phantm
String type should be split into SQL, HTML and Unsafe (normal)
Could PHANTM be modified to detect SQL and XSS injection attacks by having separate types for different strings? If a mysql_query() gets a string that isn't SQL safe, it's counted as an error. Similarly if an echo or print statement gets a string that isn't HTML safe.
htmlentities() should return HTML safe strings. mysql_real_escape() should return SQL safe strings. Hard coded strings should be considered safe as both SQL and HTML until they are concatenated with something that isn't.
PHP-sat detects this kind of thing, but only works on old PHP 4 code, and it doesn't do the other stuff that PHANTM does.
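As an added illustration of the proposal above (example code written for this page, not part of Phantm or PHP-sat): a minimal type propagator in which a string's type is the set of contexts it is safe for. Literals start out safe for both SQL and HTML, attacker-controlled input is safe for neither, concatenation keeps only the properties both operands share, and a sink demands the property for its own context. The sanitizer and sink tables, the expression classes and the sample statements are all constructed for the example; the PHP function names are the real ones the report mentions.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import FrozenSet, List, Union

# A string's type is the set of contexts it is safe for.
# The empty set is the plain "Unsafe" string from the report.
SQL_SAFE = "sql"
HTML_SAFE = "html"
UNSAFE: FrozenSet[str] = frozenset()
FULLY_SAFE: FrozenSet[str] = frozenset({SQL_SAFE, HTML_SAFE})


@dataclass(frozen=True)
class Lit:
    """A hard-coded string literal."""
    value: str


@dataclass(frozen=True)
class Input:
    """Attacker-controlled data, e.g. $_GET['name']."""
    name: str


@dataclass(frozen=True)
class Concat:
    """PHP's '.' operator."""
    left: "Expr"
    right: "Expr"


@dataclass(frozen=True)
class Call:
    """A call to a function taking one string argument."""
    fn: str
    arg: "Expr"


Expr = Union[Lit, Input, Concat, Call]

# Assumed tables for the example: which property an escaping function
# establishes, and which property a sink demands of its argument.
SANITIZERS = {
    "htmlentities": HTML_SAFE,
    "htmlspecialchars": HTML_SAFE,
    "mysql_real_escape_string": SQL_SAFE,
}
SINKS = {"mysql_query": SQL_SAFE, "echo": HTML_SAFE, "print": HTML_SAFE}


def string_type(e: Expr) -> FrozenSet[str]:
    """Compute the set of contexts the value of `e` is safe for."""
    if isinstance(e, Lit):
        return FULLY_SAFE
    if isinstance(e, Input):
        return UNSAFE
    if isinstance(e, Concat):
        # Concatenation keeps only what both sides guarantee.
        return string_type(e.left) & string_type(e.right)
    if isinstance(e, Call):
        if e.fn in SANITIZERS:
            # The escaper adds its own property; the argument's other
            # properties survive (assumption: neither escaper introduces a
            # character that is special in the other context).
            return string_type(e.arg) | {SANITIZERS[e.fn]}
        return UNSAFE  # unknown function: assume nothing about its result
    raise TypeError(f"unsupported expression {e!r}")


def check(stmt: Call) -> List[str]:
    """Return findings for one statement; an empty list means it type-checks."""
    need = SINKS.get(stmt.fn)
    if need is None:
        return []
    if need not in string_type(stmt.arg):
        return [f"{stmt.fn}() receives a string that is not {need}-safe"]
    return []


def analyse(program: List[Call]) -> List[str]:
    """Check every sink call in a (constructed) list of statements."""
    findings: List[str] = []
    for stmt in program:
        findings.extend(check(stmt))
    return findings


# Constructed sample: four PHP-like statements, two bad and two good.
NAME = Input("$_GET['name']")
SAMPLE_PROGRAM = [
    # mysql_query("SELECT * FROM users WHERE name='" . $_GET['name'] . "'");
    Call("mysql_query", Concat(Lit("SELECT * FROM users WHERE name='"),
                               Concat(NAME, Lit("'")))),
    # mysql_query("... '" . mysql_real_escape_string($_GET['name']) . "'");
    Call("mysql_query", Concat(Lit("SELECT * FROM users WHERE name='"),
                               Concat(Call("mysql_real_escape_string", NAME), Lit("'")))),
    # echo mysql_real_escape_string($_GET['name']);   SQL-safe is not HTML-safe
    Call("echo", Call("mysql_real_escape_string", NAME)),
    # echo htmlentities($_GET['name']);
    Call("echo", Call("htmlentities", NAME)),
]

if __name__ == "__main__":
    for finding in analyse(SAMPLE_PROGRAM):
        print(finding)
```

Two caveats a practitioner would attach to such a split: "HTML safe" here means safe as body text, so a value that is only htmlentities()-escaped is still not safe inside a JavaScript block or an unquoted attribute; and mysql_real_escape_string() only makes a value safe inside a quoted SQL literal, so an "SQL safe" string interpolated bare (e.g. into an ORDER BY or LIMIT clause) remains injectable. A real implementation would need one property per output context rather than the two shown.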
Hi,
Yes, the change you're mentioning is definitely possible, and we in fact thought about several approaches to making Phantm detect such vulnerabilities.
Would you have an immediate use for this functionality? Ideally, we would love to hear about evaluation results, although we understand people do not always have the liberty to share such information.
Regards, PS