progpilot can not deal with GLOBALS · Issue #67 · designsecurity/progpilot (original) (raw)
I added GLOBALS to sources.json, but progpilot still failed to detect the following SQL injection vulnerability.
sources.json
....
{"name": "GLOBALS", "is_array": true, "language": "php"},
.....
GLOBALS[′tainted′]=GLOBALS['tainted'] = GLOBALS[′tainted′]=_POST['TaintedData'];
$db = mysqli_connect("127.0.0.1", "root", "123456");
mysqli_select_db($db, "testcasesqli"); query="select∗fromuserswhereid=query = "select * from users where id=query="select∗fromuserswhereid=GLOBALS['tainted']"; result=mysqliquery(result = mysqli_query(result=mysqliquery(db, $query);
if ($result == false) {
exit("Database error !"); } row=mysqlifetcharray(row = mysqli_fetch_array(row=mysqlifetcharray(result); if ($row == null) { exit("Error ID or password.
"); } print("Login successfully!
welcome,".$row[1]."
");