I guess I think like a hacker, because I thought of this before seeing RSnake's post about finding vulnerabilities with Google Code Search.

If you want to find lots of PHP-based web applications that are likely vulnerable to HTML injection, try this search out:

lang:php (print\(|echo)\s\$_(GET|REQUEST)

This says "Find all PHP code that calls 'print' or 'echo' to display $_GET or $_REQUEST (likely) without escaping anything." What a great way to find places to inject stuff! This is useful to find XSS vulnerabilities as well.
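The same pattern turned on your own code base, as an added example that is not from the original post: a Python check that flags echo/print statements emitting a request superglobal outside htmlspecialchars()/htmlentities(). It goes beyond the query above by also covering $_POST, $_COOKIE and concatenated output; the function name and the sample file are constructed for illustration.

```python
import re

# Request-derived superglobals. The page's query covers GET and REQUEST;
# POST and COOKIE are added here as an assumption.
SUPERGLOBAL = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")
# An output statement: echo/print up to the terminating semicolon.
OUTPUT_STMT = re.compile(r"\b(?:echo|print)\b[^;]*;")
# A call to an HTML-escaping function with no nested parentheses.
ESCAPED = re.compile(r"\b(?:htmlspecialchars|htmlentities)\s*\([^()]*\)")


def find_unescaped_output(php_source):
    """Return (line_number, statement) for each echo/print that emits a
    request superglobal outside htmlspecialchars()/htmlentities()."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        for stmt in OUTPUT_STMT.finditer(line):
            # Drop every escaped sub-expression, then see what is left.
            remainder = ESCAPED.sub("", stmt.group(0))
            if SUPERGLOBAL.search(remainder):
                findings.append((lineno, stmt.group(0).strip()))
    return findings


# Constructed sample file, not taken from any real project.
SAMPLE = """<?php
echo $_GET['q'];
print($_REQUEST['name']);
echo htmlspecialchars($_GET['q'], ENT_QUOTES, 'UTF-8');
echo "Results for " . $_POST['term'];
echo "Hi " . htmlentities($_GET['a']) . $_GET['b'];
$q = $_GET['q'];
?>"""

if __name__ == "__main__":
    for lineno, stmt in find_unescaped_output(SAMPLE):
        print(f"line {lineno}: {stmt}")
```

The check is line-based and does not follow values through variables, so the assignment on the last sample line goes unreported even if $q is echoed later; treat a clean result as a first pass, not proof that output is escaped.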

Organizing the world's information is useful — for many things :)
