Gonzalez Posted June 28, 2007 Report Posted June 28, 2007 PHP VULNERABILITY ANALYZER README Paul Bakoyiannis Heres a quick summary of how the program works and how to use it: First, the program reads each of the text files for vulnerable php functions. each file is for a different category of vulnerability: dir.txt = directory transversal sql.txt = sql injection rem.txt = remote command execution rfi.txt = remote file include you can add any keywords you want to each file. Once you start the program, click choose file and choose a file to analyze. After you choose the file, click the Analyze Code button, and all the vulnerable keywords will be extracted. Check each tab for uses of vulnerable functions. Also, in the second tab page, it finds all the get variables, the post variables, and config variables. Once you see a vulnerble function, look for the variable it uses. Then you can go to the variable tab and search for all the instances of that variable using the bottom text box. There you can look if the variable was initialized, sanitized, etc. Also, you can view the entire source of the file you're analyzing by clicking the source tab. This program will definetely help you find vulnerabilities in PHP applications, and will save you alot of time. Email me at megarooster@aol.com ( yes, aol) to give me suggestions, praise, criticism, or more keywords to add for the next release. EnjoyDownload:http://rapidshare.com/files/27928326/phpvuln_upload_by_canvas.rar.html Quote
