progpilot can not deal with GLOBALS · Issue #67 · designsecurity/progpilot (original) (raw)

I added GLOBALS to sources.json, but progpilot still failed to detect the following SQL injection vulnerability.

sources.json

....
{"name": "GLOBALS", "is_array": true, "language": "php"},
.....

GLOBALS[′tainted′]=GLOBALS['tainted'] = GLOBALS[′tainted′]=_POST['TaintedData']; $db = mysqli_connect("127.0.0.1", "root", "123456"); mysqli_select_db($db, "testcasesqli"); query="select∗fromuserswhereid=query = "select * from users where id=query="select∗fromuserswhereid=GLOBALS['tainted']"; result=mysqliquery(result = mysqli_query(result=mysqliquery(db, $query); if ($result == false) { exit("Database error !
"); } row=mysqlifetcharray(row = mysqli_fetch_array(row=mysqlifetcharray(result); if ($row == null) { exit("Error ID or password.
"); } print("Login successfully!
welcome,".$row[1]."
");