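```php
<?php
/* DevBug - PHP Static Code Analysis written (mostly) in JavaScript */

// Cross-Site Scripting (XSS)
$name = $_GET['name']; // tainted by user input
$a = '';               // initialise before appending
$a .= $name;           // taint propagates from $name to $a
echo('Hello ' . $name); # tainted data reaches sensitive sink
echo($a);
echo("" . $name);

// SQL Injection
$id = $_POST['id'];    // tainted by user input
$b = '';               // initialise before appending
$b .= $id;             // taint propagates from $id to $b
// mysql_query() is the legacy ext/mysql API (removed in PHP 7.0)
mysql_query("SELECT user FROM users WHERE id = " . $id);
mysql_query("SELECT user FROM users WHERE id = " . $b);
?>
```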
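The same two flows with each sink hardened, as an added example that is not part of the original paste or of DevBug. It assumes a PDO MySQL connection; the DSN, credentials and the `h()` helper are hypothetical placeholders.

```php
<?php
// Added example: hardened counterpart of the sample above.
// Assumptions: DSN, credentials and h() are hypothetical placeholders.

// Output-encode for an HTML body context, applied at the sink.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Cross-Site Scripting (XSS): the source is unchanged, every echo encodes.
$name = $_GET['name'] ?? '';
$name = is_string($name) ? $name : ''; // array input such as ?name[]=x becomes ''
$a = '';
$a .= $name;                            // $a is still tainted; the sink neutralises it
echo 'Hello ' . h($name);
echo h($a);

// SQL Injection: validate the type, then bind the value instead of concatenating.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
if ($id === false || $id === null) {    // false: not an integer, null: parameter missing
    http_response_code(400);
    exit('Invalid id');
}

$pdo = new PDO(
    'mysql:host=localhost;dbname=example;charset=utf8mb4', // placeholder DSN
    'app_user',                                            // placeholder user
    'placeholder-password',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // use server-side prepared statements
    ]
);
$stmt = $pdo->prepare('SELECT user FROM users WHERE id = :id');
$stmt->bindValue(':id', $id, PDO::PARAM_INT);
$stmt->execute();

// Data read back from the database is encoded on output as well.
$user = $stmt->fetchColumn();
echo $user === false ? '' : h((string) $user);
```

The variables are still derived from user input here. What changes is that the value is encoded or bound at each sink, which is the point a taint analysis checks.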