[VIM] [PHP-CHECKER] 99 potential SQL injection vulnerabilities (fwd)

Steven M. Christey coley at linus.mitre.org
Tue Dec 13 03:58:13 EST 2005


On Tue, 13 Dec 2005, security curmudgeon wrote:

> : OK, they parse into Abstract Syntax Trees and use control flow graphs,
> : they're definitely better than mine.  Nice.
>
> Does this mean that the program isn't prone to finding the sql errors
> that are not true sql injections? If so.. =)

You got me there; it's probably only good at spotting untrusted/uncleansed
input.  Still a big deal better than glorified grep!  And bad news for us
VDBs if everyone gets their hands on it, as you suggested.

- Steve
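An added illustration of the gap discussed above (not code from the thread or from the checker it mentions): a grep-style matcher reports every query call, while even a toy line-by-line taint propagation reports only the case where request input actually reaches the query. The PHP snippets and the source/sanitizer/sink lists are constructed assumptions.

```python
import re
# Constructed PHP snippets (not from the thread): one real injection,
# one sanitized copy, one constant query that grep still "finds".
VULNERABLE = """
$id = $_GET['id'];
$q = "SELECT * FROM users WHERE id = " . $id;
mysql_query($q);
"""
SANITIZED = """
$id = intval($_GET['id']);
$q = "SELECT * FROM users WHERE id = " . $id;
mysql_query($q);
"""
CONSTANT = """
$q = "SELECT * FROM users WHERE id = 1";
mysql_query($q);
"""
SOURCES = re.compile(r"\$_(GET|POST|COOKIE|REQUEST)\b")  # assumed taint sources
SANITIZERS = {"intval", "mysql_real_escape_string"}      # assumed cleansers
SINKS = {"mysql_query"}                                   # assumed query sink
ASSIGN = re.compile(r"^\s*\$(\w+)\s*=\s*(.+?);\s*$")
CALL = re.compile(r"^\s*(\w+)\s*\((.*)\)\s*;\s*$")

def grep_check(src):
    """Glorified grep: any line mentioning a query sink is a 'finding'."""
    return any(re.search(r"\bmysql_query\b", line) for line in src.splitlines())

def taint_check(src):
    """Toy taint propagation (no real AST or CFG): a variable is tainted when
    its right-hand side reads a superglobal or a tainted variable, unless the
    whole expression is wrapped in a sanitizer; report taint reaching a sink."""
    tainted = set()
    for line in src.splitlines():
        m = ASSIGN.match(line)
        if m:
            var, rhs = m.groups()
            call = re.fullmatch(r"(\w+)\((.*)\)", rhs)
            cleansed = bool(call) and call.group(1) in SANITIZERS
            refs = set(re.findall(r"\$(\w+)", rhs))
            if not cleansed and (SOURCES.search(rhs) or refs & tainted):
                tainted.add(var)
            else:
                tainted.discard(var)  # reassignment kills earlier taint
            continue
        m = CALL.match(line)
        if m and m.group(1) in SINKS:
            if set(re.findall(r"\$(\w+)", m.group(2))) & tainted:
                return True
    return False
```

Running both checkers over the three snippets shows grep flagging all of them and the taint pass flagging only VULNERABLE; the two "sql errors that are not true sql injections" are exactly the false positives a real AST/CFG analysis is built to drop.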