34.json
{
"file_path": "security_data/gpt3_security_vulnerability_scanner-main/File Inclusion/lfi6.php",
"vulnerability": "Vulnerabilities detected:\n 1. Direct Inclusion of User Input in File Path (Path Traversal): The include() function is used here with $_POST['page'] as the argument. This function includes and executes the specified PHP file. Because there is no validation or sanitization of the page POST parameter, an attacker could potentially supply a path to a sensitive file or a system file outside of the application's directory. Because include() also executes whatever it loads, the parameter should be mapped to a fixed allowlist of page names rather than passed to include() directly.\n",
"source code": "<?php include(\"../common/header.php\"); ?>\n\n<form action=\"/api/index.php\" method=\"POST\">\n <input type=\"text\" name=\"page\">\n</form>\n\n<?php\ninclude($_POST[\"page\"]);\n?>\n",
"language": "php",
"cwe_identifier": [
"CWE-22"
],
"pattern_desc": [
"Path Traversal"
],
"line_number": [
8
],
"line_text": [
"include($_POST[\"page\"]);"
],
"pattern_id": [
"PHP-R-021"
],
"rule": [
"\\b(?:include|require)\\s*\\(\\s*\\$_(GET|POST|REQUEST|COOKIE|SESSION)\\s*\\[\\s*['\"](?:[^'\"]*)['\"]\\s*\\]"
],
"label": 0
}