<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Introduction</title>
</head>
<body><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="book.taint.html">Taint</a></div> <div class="next" style="text-align: right; float: right;"><a href="taint.setup.html">Installing/Configuring</a></div> <div class="up"><a href="book.taint.html">Taint</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div><hr /><div id="intro.taint" class="preface">
<h1 class="title">Introduction</h1>
<p class="para"> Taint is an extension for detecting XSS (tainted strings). It can also be used to spot SQL injection, shell injection and similar vulnerabilities. </p>
<p class="para"> When taint is enabled and a tainted string (one that comes from $_GET, $_POST or $_COOKIE) is passed to certain functions, taint warns you about it. </p>
<div class="example" id="example-4184">
<p><strong>Example #1 <span class="function"><a href="function.taint.html" class="function">Taint()</a></span> example</strong></p>
<div class="example-contents">
<div class="phpcode"><code><span style="color: #000000"> <span style="color: #0000BB"><?php<br />$a </span><span style="color: #007700">= </span><span style="color: #0000BB">trim</span><span style="color: #007700">(</span><span style="color: #0000BB">$_GET</span><span style="color: #007700">[</span><span style="color: #DD0000">'a'</span><span style="color: #007700">]);<br /><br /></span><span style="color: #0000BB">$file_name </span><span style="color: #007700">= </span><span style="color: #DD0000">'/tmp' </span><span style="color: #007700">. 
</span><span style="color: #0000BB">$a</span><span style="color: #007700">;<br /></span><span style="color: #0000BB">$output </span><span style="color: #007700">= </span><span style="color: #DD0000">"Welcome, </span><span style="color: #007700">{</span><span style="color: #0000BB">$a</span><span style="color: #007700">}</span><span style="color: #DD0000"> !!!"</span><span style="color: #007700">;<br /></span><span style="color: #0000BB">$var </span><span style="color: #007700">= </span><span style="color: #DD0000">"output"</span><span style="color: #007700">;<br /></span><span style="color: #0000BB">$sql </span><span style="color: #007700">= </span><span style="color: #DD0000">"Select * from " </span><span style="color: #007700">. </span><span style="color: #0000BB">$a</span><span style="color: #007700">;<br /></span><span style="color: #0000BB">$sql </span><span style="color: #007700">.= </span><span style="color: #DD0000">"ooxx"</span><span style="color: #007700">;<br /><br />echo </span><span style="color: #0000BB">$output</span><span style="color: #007700">;<br /><br />print $</span><span style="color: #0000BB">$var</span><span style="color: #007700">;<br /><br />include(</span><span style="color: #0000BB">$file_name</span><span style="color: #007700">);<br /><br /></span><span style="color: #0000BB">mysql_query</span><span style="color: #007700">(</span><span style="color: #0000BB">$sql</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">?></span> </span> </code></div>
</div>
<div class="example-contents"><p>The above example will output something similar to:</p></div>
<div class="example-contents screen">
<div class="cdata"><pre>
Warning: main() [function.echo]: Attempt to echo a string that might be tainted
Warning: main() [function.echo]: Attempt to print a string that might be tainted
Warning: include() [function.include]: File path contains data that might be tainted
Warning: mysql_query() [function.mysql-query]: SQL statement contains data that might be tainted
</pre></div>
</div>
</div>
</div></body></html>
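The propagation rules described above (request values start out tainted, string operations keep the flag, and sink functions warn) modelled in Python as an added example; this is not the extension's own code. The `allow_list` validator and the `run_script` driver that replays the page's example script are constructed for illustration.

```python
from dataclasses import dataclass
import re

@dataclass(frozen=True)
class TStr:
    """A string value plus the taint flag the extension attaches to request data."""
    value: str
    tainted: bool = False

    def __add__(self, other):  # PHP '.' and "{$a}" interpolation: tainted if either side is
        other = as_tstr(other)
        return TStr(self.value + other.value, self.tainted or other.tainted)

    def __radd__(self, other):
        return as_tstr(other) + self

def as_tstr(x):
    return x if isinstance(x, TStr) else TStr(str(x))

def source(superglobal, key):
    """Reading $_GET / $_POST / $_COOKIE: the value starts out tainted."""
    return TStr(superglobal[key], tainted=True)

def trim(s):
    s = as_tstr(s)
    return TStr(s.value.strip(), s.tainted)  # string functions preserve the flag

def allow_list(s, pattern=r"[a-z0-9_]+"):
    """Constructed validator: only a value matching the pattern becomes untainted."""
    s = as_tstr(s)
    if not re.fullmatch(pattern, s.value):
        raise ValueError("rejected request value: " + repr(s.value))
    return TStr(s.value, tainted=False)

def sink(func, s, what):  # echo / include / mysql_query style sink
    return [f"Warning: {func}(): {what} might be tainted"] if as_tstr(s).tainted else []

def run_script(get, validate=False):
    """The page's example script as a data flow; returns the warnings it would raise."""
    a = trim(source(get, "a"))
    if validate:
        a = allow_list(a)
    file_name = "/tmp" + a
    output = "Welcome, " + a + " !!!"
    sql = "Select * from " + a
    sql = sql + "ooxx"
    return (sink("echo", output, "Attempt to echo a string that")
            + sink("include", file_name, "File path contains data that")
            + sink("mysql_query", sql, "SQL statement contains data that"))
```

Validation that proves a value safe for every sink it reaches is what clears the flag; escaping for one context (HTML output) does not make the same value safe as a file path or in SQL.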