Introduction

    Taint is an extension, which is used for detecting XSS codes (tainted string). And also can be used to spot sql injection vulnerabilities, and shell inject, etc.

    When taint is enabled, if you pass a tainted string (comes from $_GET, $_POST or $_COOKIE) to some functions, taint will warn you about that.

    Example #1 Taint()example

    <?php
    $a     = trim($_GET['a']);

    $file_name = '/tmp' . $a;
    $output = "Welcome, {$a} !!!";
    $var = "output";
    $sql = "Select * from " . $a;
    $sql .= "ooxx";

    echo     $output;

    print $    $var;

    include     $file_name;

    mysql_query($sql);
    ?>

    The above example will output something similar to:

    Warning: main() [function.echo]: Attempt to echo a string that might be tainted

Warning: main() [function.echo]: Attempt to print a string that might be tainted

Warning: include() [function.include]: File path contains data that might be tainted

Warning: mysql_query() [function.mysql-query]: SQL statement contains data that might be tainted

    Found A Problem?

    Learn How To Improve This PageSubmit a Pull RequestReport a Bug
    add a note

    User Contributed Notes

    There are no user contributed notes for this page.
    To Top

    Follow Lee on X/Twitter - Father, Husband, Serial builder creating AI, crypto, games & web tools. We are friends :) AI Will Come To Life!

    Check out: eBank.nz (Art Generator) | Netwrck.com (AI Tools) | Text-Generator.io (AI API) | BitBank.nz (Crypto AI) | ReadingTime (Kids Reading) | RewordGame | BigMultiplayerChess | WebFiddle | How.nz | Helix AI Assistant