Q-Factor General Quiz-7th April 2024, Quiz Club NITW
Php manish
1.
2.
3. PHP Tainted variables Application Client host Web browser Application Server host Web server user dbms Applications written in HTML, Javascript, Java, (Flash, pdf, doc, ppt) Applications written in PHP, ASP, Java, Perl, Ruby, Haskell, (SQL, Shell) Server Client
18. PHP Tainted variables 1 Configurable Taint flavor Source mark policy 1 Conversion function Sink detect policy 1 TC_HTML Input from web or database htmlspecialchars htmlemtities HTML output TC_MYSQL Input from web or database mysql_escape_string mysql_real_escape_string MySQL query TC_SHELL Input from web or database escapeshellcmd escapeshellarg Shell command TC_SELF Input from web untaint($var, TC_SELF) include, eval, ... TC_USER1 TC_USER2 application dependent untaint($var, TC_SELF) application dependent