IT. Expert System.

PHP

Introduction


Introduction

Taint is an extension, which is used for detecting XSS codes(tainted string). And also can be used to spot sql injection vulnerabilities, and shell inject, etc.

When taint is enabled, if you pass a tainted string(comes from $_GET, $_POST or $_COOKIE) to some functions, taint will warn you about that.

Example #1 Taint()example

<?php
$a 
trim($_GET['a']);

$file_name '/tmp' .  $a;
$output    "Welcome, {$a} !!!";
$var       "output";
$sql       "Select *  from " $a;
$sql      .= "ooxx";

echo 
$output;

print $
$var;

include(
$file_name);

mysql_query($sql);

The above example will output something similar to:

 Warning: main() [function.echo]: Attempt to echo a string that might be tainted Warning: main() [function.echo]: Attempt to print a string that might be tainted Warning: include() [function.include]: File path contains data that might be tainted Warning: mysql_query() [function.mysql-query]: SQL statement contains data that might be tainted 


Content

Android Reference

Java basics

Java Enterprise Edition (EE)

Java Standard Edition (SE)

SQL

HTML

PHP

CSS

Java Script

MYSQL

JQUERY

VBS

REGEX

C

C++

C#

Design patterns

RFC (standard status)

RFC (proposed standard status)

RFC (draft standard status)

RFC (informational status)

RFC (experimental status)

RFC (best current practice status)

RFC (historic status)

RFC (unknown status)

IT dictionary

License.
All information of this service is derived from the free sources and is provided solely in the form of quotations. This service provides information and interfaces solely for the familiarization (not ownership) and under the "as is" condition.
Copyright 2016 © ELTASK.COM. All rights reserved.
Site is optimized for mobile devices.
Downloads: 1540 / . Delta: 0.03636 с