[VIM] [PHP-CHECKER] 99 potential SQL injection vulnerabilities
Steven M. Christey
coley at linus.mitre.org
Tue Dec 13 03:58:13 EST 2005
On Tue, 13 Dec 2005, security curmudgeon wrote:
> : OK, they parse into Abstract Syntax Trees and use control flow graphs,
> : they're definitely better than mine. Nice.
> Does this mean that the program isn't prone to finding the sql errors
> that are not true sql injections? If so.. =)
You got me there, it's probably only good at spotting untrusted/uncleansed
input. Still a big deal better than glorified grep! And bad news for us
VDBs if everyone gets their hands on it, as you suggested.