forked from bgorski/phpcs-security-audit
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtests.php
117 lines (98 loc) · 2.35 KB
/
tests.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
<?php
/* Tests script for phpcs-security-audit */
//eval($_GET['a']);
echo "aaaa";
echo "bbbb" . $_POST['b'];
echo "b";
db_query($_GET['a']);
preg_replace("/.*/ei", 'aaaaaaa', 'bbbbb');
preg_replace("/.*/ei", $_GET['a'], 'aaaaaaa');
preg_replace($_GET['b'], $_GET['a'], $_GET['c']);
preg_replace($b, $_GET['a'], 'aaaaaa');
preg_replace("aaa", $_GET['a'], 'ababaaa');
// BadFunctions
md5();
phpinfo();
create_function($a);
ftp_exec($a);
fread($a);
array_map($a);
`$a`;
`$_GET`;
include($a);
assert($a);
assert(TRUE,$a);
assert($_GET);
exec($a);
exec($_GET);
mysql_query($a);
mysql_query($_GET);
// Crypto
mcrypt_encrypt();
openssl_public_encrypt($i,$e,$k, OPENSSL_PKCS1_PADDING);
// CVEs
xml_parse_into_struct(xml_parser_create_ns(), str_repeat("<blah>", 1000), $a);
quoted_printable_encode(str_repeat("\xf4", 1000));
// Misc
$a->withHeader('Access-Control-Allow-Origin', '*');
include('abc.xyz');
require_once EXTENSION_PATH . '/path/to' . $name . '.jkl';
0 == '0 cats';
// Easy user input
$_GET['a'] = 'xss';
print("aaa" . $_GET['a']);
echo($_GET['a']);
echo $_GET['a'];
echo "{$_GET['a']}";
print "${_GET['a']}";
echo a($_GET['b']);
echo (allo(a($_GET['c'])));
echo arg(1);
die( "" . $_GET['a'] );
exit("exit" . $_GET['a']);
?>
<?= $_GET['a'] ?>
<?php
// FilesystemFunctions
file_create_filename(arg(1));
symlink($a);
delete($a);
// Drupal 7 Dynamic queries SQLi
$query = db_select('tname', "wn");
$query->join('node', 'n', $a);
$query->innerJoin('node', 'n', $a);
$query->leftJoin('node', 'n', $a);
$query->rightJoin('node', 'n', $a);
$query->addExpression($a, 'w');
$query->groupBy($a);
$query->orderBy($a, $a);
$query->range('safe', 'safe');
$count = $query
->fields("wn")
->condition('email', '1', $_GET)
->condition('email', '1')
->where($a, array(":aaa" => '2'))
->havingCondition('email', '', $a)
->having($a, $args = array(":aaa" => '2'))
->execute()
->rowCount();
echo $count;
$query = db_update('tname')
->expression($a, $a)
->execute();
$nid = db_insert('tname')
->fields(array(
$a => 'safe',
$b => 'safe',
'c' => 'safe',
))
->values(array(
'safe' => 'safe',
))
->execute();
$query = db_select('node', 'n');
$myselect = db_select('mytable')
->fields($_GET)
->condition('myfield', 'myvalue');
$alias = $query->join($myselect, 'myalias', 'n.nid = myalias.nid');
?>