Assembla home | Assembla project page
 

PHP Security Oracle

Like any other modules in the PHP-Oracle project, the security oracle is working as a Visitor Pattern. This module is currently on development and therefore, no release soon, but it's gonna work with simple definition files for:

  • sensitive sinks (echo, print, mysql_query, etc.)
  • tainted sources (mysql_fetch_array, fgets, etc.)
  • untainted data (htmlentities, mysql_real_escape_string, etc.)
  • exposed info: information that shouldn't be exposed at all (phpinfo, etc.)

The main idea is to trace the flow of a variable going to a sensitive sinks. If the variable is not going through some untainting data function, there is a vulnerability. The vulnerability checkers can also implemenet different type of checks such as sessions setup, information exposing, etc.