Description
Source: filter_input_array_prm__(INPUT_GET)_(((t),(FILTER_SANITIZE_URL)))
Sanitization: count_prm_
Dataflow: assignment
Context: xss_apostrophe
Sink: trigger_error_prm__(E_USER_ERROR)
Flaws
Test Suites
Trace
-
-
sample.phpline 30
- CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
-
Files
src
sample.php
manifest.sarif
xxxxxxxxxx34 <!--# Sample informationPatterns:- Source: filter_input_array_prm__<c>(INPUT_GET)_<array>(<ae_k>(<s>(t),<c>(FILTER_SANITIZE_URL))) ==> Filters:[Filtered(•, •, •, •, •, •, •, •, •, , , •, •, , •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, , •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, , ¡, ¢, £, ¤, ¥, ¦, §, ¨, ©, «, ¬, •, ®, ¯, °, ±, ², ³, ´, ¶, ·, ¸, ¹, », ¼, ½, ¾, ¿, ×, ÷)]- Sanitization: count_prm_ ==> Filters:[letters, specials]- Filters complete: Filters:[letters, specials, Filtered(•, •, •, •, •, •, •, •, •, , , •, •, , •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, , •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, •, , ¡, ¢, £, ¤, ¥, ¦, §, ¨, ©, «, ¬, •, ®, ¯, °, ±, ², ³, ´, ¶, ·, ¸, ¹, », ¼, ½, ¾, ¿, ×, ÷)]- Dataflow: assignment- Context: xss_apostrophe- Sink: trigger_error_prm__<c>(E_USER_ERROR)State:- State: Good- Exploitable: Not found# Exploit description--><?php# Init# Sample$tainted = filter_input_array(INPUT_GET, ["t" => FILTER_SANITIZE_URL]);$sanitized = count($tainted);$dataflow = $sanitized;$context = (("Hello to '" . $dataflow) . "'");trigger_error($context, E_USER_ERROR);?>Have any comments on this test case? Please, send us an email.