Menu
I'm scanning a folder in my server using RIPS. The report came out and some of the vulnerabilities that were reported are "Userinput reaches sensitive sink.". The lines reported are lines defining a variable. You can see the report here. Does anyone know how I can fix this? Shouldnt this be normal and not reported as a vulnerability?
277
Most of them look like false alarms, since there is no actual user input involved. Most include paths are constructed from a function which probably gets its data from a db or a config file.
get_locale() could be problematic, if it takes the Accept-Language header of HTTP requests and uses them un-sanitized.
110
You can get details of all the sensitive sinks here:
http://awap.sourceforge.net/support.html#sanitization
Which do have all sensitive sinks for PHP language and how to mitigate those vulnerabilities.
You can read a research paper regarding this here:
http://awap.sourceforge.net/papers/wap_dsn2016.pdf
http://awap.sourceforge.net/papers/WAP_IEEE_TR_Mar2016.pdf
Hope this might help you.
43
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
