FEATURE - SQL injection PDO detection

pull/3/head
Swissky 2017-05-28 23:15:33 +02:00
parent 5160b19e1b
commit a21792a585
3 changed files with 109 additions and 3 deletions


@ -19,8 +19,9 @@ payloads = [
["require_once","File Inclusion",[]],
["readfile","File Inclusion",[]],
["file_get_contents","File Inclusion",[]],
["show_source","File Inclusion",[]],
["highlight_file","File Inclusion",[]],
["show_source","File Inclusion / Path Traversal",[]],
["highlight_file","File Inclusion / Path Traversal",[]],
["mysql_query","SQL Injection",["mysql_real_escape_string"]],
["mysql_unbuffered_query","SQL Injection",["mysql_real_escape_string"]],
@ -29,7 +30,9 @@ payloads = [
["mysqli_real_query","SQL Injection",["mysql_real_escape_string"]],
["mysqli::query","SQL Injection",["mysql_real_escape_string"]],
["mysqli_query","SQL Injection",["mysql_real_escape_string"]],
# pdo querys
["->query","SQL Injection",["->prepare"]],
["->exec","SQL Injection",["->prepare"]],
["->execute","SQL Injection",["->prepare"]],
["move_uploaded_file","File Upload",[]],
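Review bot: The `->execute` rule is self-cancelling and the `->prepare` suppression is too coarse, assuming the third element lists calls whose presence anywhere in the file silences the finding, as the `mysql_real_escape_string` entries suggest: `$stmt->execute()` is the parameterized path and only exists after a `->prepare`, so that entry never fires, while a single `->prepare` elsewhere in a file hides a concatenated `$pdo->query(...)` in the same file. I would drop the `->execute` entry and leave the protection list empty for the other two, `["->query","SQL Injection",[]],` and `["->exec","SQL Injection",[]],`, so a raw string passed to them is reported regardless of what other statements the file contains; telling a literal apart from a variable or concatenation inside the call is matcher logic, not something this table can express. Separately, `show_source` and `highlight_file` now appear twice in the first hunk, once as 'File Inclusion' and once as 'File Inclusion / Path Traversal', which reports each occurrence twice; keep only the second pair if it is the added one. The `payloads` list opens before the first hunk and closes after the second.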

48
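--- a/test/pdo.php
+++ b/test/pdo.php
@@ -0,0 +1,48 @@
+<!doctype html>
+<html>
+<head>
+<meta charset="UTF-8">
+<title>Coffee Database</title>
+<link rel="stylesheet" href="css/style.css" />
+</head>
+<body>
+<form action='' method="POST">
+<img src='./image/logo.png' id='logo'>
+<h2>Coffee Database</h2>
+<?php
+if(isset($_POST['username']) && isset($_POST['password'])){
+try{
+$pdo = new PDO('sqlite:'.dirname(__FILE__).'/afaad186a9343b96963edf168cdb5587.sqlite');
+$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
+$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // ERRMODE_WARNING | ERRMODE_EXCEPTION | ERRMODE_SILENT
+$stmt = $pdo->query("SELECT * FROM users WHERE username ='".$_POST['username']."' and password='".$_POST['password']."'");
+if($result = $stmt->fetchAll()){
+echo "<p id='left'>Welcome ".$result[0]['username']." <br>Your password is ".$result[0]['password']."</p>";
+echo '<input type="submit" value="LOG IN" href="./index.php" class="button" />';
+}
+else{
+echo "Unknown user or password";
+goto login_input;
+}
+}
+catch(Exception $e) {
+echo "Impossible d'accéder à la base de données SQLite : ".$e->getMessage();
+echo '<br><input type="submit" value="RETRY" href="./index.php" class="button" />';
+}
+}
+else{
+login_input:
+?>
+<input type="text" name="username" class="text-field" placeholder="Username" />
+<input type="password" name="password" class="text-field" placeholder="Password" />
+<input type="submit" value="LOG IN" class="button" />
+<?php
+}
+?>
+</form>
+</body>
+</html>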
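Review bot: Nothing in the fixture says what the scanner is expected to report on it, so a later edit to the rule table cannot be checked against this file; a comment at the top of the PHP block such as `// Expected: SQL Injection on the $pdo->query(...) line: $_POST concatenated into the statement, no ->prepare in this file` would pin that. The file also exercises only the unprotected case: it never calls `->prepare`, so it does not show whether a prepared statement for an unrelated query in the same file would wrongly silence the concatenated `->query` (a second fixture, or an extra `$pdo->prepare('SELECT 1');` here, would). Note that the `.sqlite` database the code opens is not among the three changed files, so this is a static-scan fixture only and should not be expected to run as committed.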

55
test/unserialize.php Normal file

@ -0,0 +1,55 @@
<html>
<head>
<meta charset="utf-8">
<link rel="icon" href="./res/favicon.ico">
<link href="./index.css" rel="stylesheet">
<title>Much Series Very Analyse</title>
</head>
<body>
<h1>Much Series Very Analyse</h1>
<div id='console'>
<a href='?lang=en.php'>English</a> | <a href='?lang=fr.php'>Francais</a><br><br><br>
<img src='./doge.png' width='100px'>
<?php
if(isset($_GET['viewsource'])) {
highlight_file('index.php');
exit();
}
class Lang {
private $lang;
public function __construct($lang='') {
$this->lang = !empty($lang) ? $lang : 'en.php';
}
public function __destruct() {
include($this->lang);
echo "
</div>
<p>© 2016 WowDoge Security . All Rights Reserved</p>
</body>
</html>";
}
}
if (isset($_GET['lang']) && !empty($_GET['lang'])) {
$allowed = ['fr.php', 'en.php'];
if (in_array($_GET['lang'], $allowed)) {
$lang = new Lang($_GET['lang']);
setcookie("lang", serialize($lang));
}
else
$lang = new Lang('en.php');
}
else if (isset($_COOKIE['lang']) && !empty($_COOKIE['lang'])) {
$lang = unserialize($_COOKIE['lang']);
}
else {
$lang = new Lang('en.php');
}
?>