Not many people may know about this extension. Its main purpose is detecting hidden XSS, SQL injection and shell injection vulnerabilities in code, by tracking "tainted" data (such as request parameters) from its source to a dangerous sink. It was written by Laruence (鸟哥) and has been introduced on his blog:
Taint-0.3.0(A XSS codes sniffer) released
PHP Taint – an extension for detecting XSS/SQL/Shell injection vulnerabilities
Download the taint package.
Extract it, then compile and install:
tar zxvf taint-2.0.2.tgz
cd taint-2.0.2
phpize
./configure --with-php-config=/usr/local/bin/php-config
make && sudo make install
Modify the PHP configuration (php.ini):
extension=taint.so
taint.enable=1
Restart the web server.
Test script:
<?php
$a = $_GET['a'];                    // untrusted request data: marked as tainted
$file_name = '/tmp' . $a;           // concatenation propagates the taint mark
$output = "Welcome, {$a} !!!";      // interpolation propagates it as well
$var = "output";
echo $output;                       // sink: output without escaping
print $$var;                        // sink: same tainted string via a variable variable
include($file_name);                // sink: file path built from tainted data
Output:
Warning: main() [echo]: Attempt to echo a string that might be tainted in index.php on line 10
Welcome, 'vilay' !!!
Warning: main() [print]: Attempt to print a string that might be tainted in index.php on line 13
Welcome, 'vilay' !!!
Warning: main() [include]: File path contains data that might be tainted in index.php on line 16
Warning: include(/tmp'vilay'): failed to open stream: No such file or directory in index.php on line 16
Warning: include(): Failed opening '/tmp'vilay'' for inclusion (include_path='.:') in index.php on line 16
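The warnings above show the extension flagging each sink. The following is an added example, not code from the original post or from the taint project, showing the same script rewritten so that the extension no longer warns: the output is passed through an escaping function (taint treats sanitizers such as htmlspecialchars() as clearing the taint mark), the include path is chosen from a whitelist of literals instead of being built from input, and is_tainted() is used to check the mark explicitly. It assumes taint.enable=1 in php.ini and PHP 7 or later.

```php
<?php
// Added example (not part of the original post): the test script hardened so
// that the taint extension produces no warnings. Assumes taint.enable=1.

$a = $_GET['a'] ?? '';   // user input: the extension marks this string as tainted

// 1. Output sink: escaping for the output context clears the taint mark.
//    The extension recognises htmlspecialchars() (like addslashes(),
//    escapeshellarg(), mysqli_real_escape_string(), ...) as a sanitizer,
//    so echoing the result no longer triggers a warning.
$safe_name = htmlspecialchars($a, ENT_QUOTES, 'UTF-8');
echo "Welcome, {$safe_name} !!!";

// 2. Include sink: HTML escaping does not make a path safe, so use a
//    whitelist. The array values are literals from the source file, so the
//    selected value carries no taint regardless of what $_GET['a'] held.
$pages = [
    'home'  => '/tmp/home.php',    // constructed sample paths
    'about' => '/tmp/about.php',
];
if (isset($pages[$a])) {
    include $pages[$a];
} else {
    http_response_code(404);
    echo 'Unknown page';
}

// 3. Explicit check at a trust boundary: is_tainted() reports whether a
//    string still carries the taint mark, so it can be used to assert that
//    sanitisation actually happened before data reaches a sink.
function assert_untainted(string $value, string $label): void
{
    if (is_tainted($value)) {
        // Raw request data lands here; the sanitised copy does not.
        error_log("$label is still tainted");
    }
}
assert_untainted($a, '$a');
assert_untainted($safe_name, '$safe_name');
```

Note that the extension only clears the mark when data passes through one of the escaping functions it knows about; a hand-written filter that does not call one of them leaves the string tainted even if it is actually safe, which is why the whitelist approach (returning a literal) is the cleaner fix for the include case.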
This extension is recommended for use in development environments, where its warnings help catch unsafe data flows and improve the security of the code.