-
Notifications
You must be signed in to change notification settings - Fork 0
/
100.json
25 lines (25 loc) · 1.1 KB
/
100.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
{
"file_path": "security_data/gpt3_security_vulnerability_scanner-main/PHP Object Injection/tarlogic1.php",
"vulnerability": "Vulnerabilities Detected:\n1. Unserialize vulnerability: The code is vulnerable to PHP Object Injection attacks due to the use of the unserialize() function.\n2. Command Injection vulnerability: The code is vulnerable to command injection attacks due to the use of the system() function.",
"source code": "<?php\nclass warm {\n public $dir = \".\";\n public function __wakeup() {\n echo \"This folder contains:\\n\";\n system(\"ls \" . $this->dir);\n }\n}\n$test = new warm();\n$a = serialize($test);\necho \"Example of an object:\\n$a\\n\\n\";\nunserialize($argv[1]);\n?>\n",
"language": "php",
"cwe_identifier": [
"CWE-862"
],
"pattern_desc": [
"Missing Authorization in critical function call"
],
"line_number": [
6
],
"line_text": [
" system(\"ls \" . $this->dir);"
],
"pattern_id": [
"PHP-R-016"
],
"rule": [
"\\b(exec|shell_exec|system|passthru)\\("
],
"label": 1
}