A sensitive sink is any construct or function that can cause a vulnerability when it is given TaintedData as a parameter.

The following constructs are listed as a SensitiveSink:

  • die
  • echo
  • exit
  • print
  • `` (backticks)
  • eval
  • include
  • include_once
  • require
  • require_once

-- EricBouwers - 29 Dec 2006
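A minimal way to locate these sinks in PHP source, as an added example that is not part of the original page: it tokenizes the code with `token_get_all()` and reports every listed sink whose statement mentions a request superglobal. Treating `$_GET`, `$_POST`, `$_COOKIE` and `$_REQUEST` as TaintedData, the name `findTaintedSinks` and the sample input are assumptions; the check does not follow assignments or recognise sanitisation, so the `htmlspecialchars` line in the sample is reported as well.

```php
<?php
// Added example. Assumption: TaintedData means the request superglobals below.
const SINK_TOKENS = [T_EXIT, T_ECHO, T_PRINT, T_EVAL,   // T_EXIT covers die and exit
    T_INCLUDE, T_INCLUDE_ONCE, T_REQUIRE, T_REQUIRE_ONCE];
const TAINT_SOURCES = ['$_GET', '$_POST', '$_COOKIE', '$_REQUEST'];

/** Return [line, sink] for every sink statement that mentions a taint source. */
function findTaintedSinks(string $source): array
{
    $findings = [];
    $open = null;   // sink statement currently being collected, or null
    $line = 1;      // line on which the current token starts
    foreach (token_get_all($source) as $token) {
        // Tokens are [id, text, line] arrays or single-character strings.
        [$id, $text] = is_array($token) ? [$token[0], $token[1]] : [null, $token];
        $isBacktick = ($id === null && $text === '`');
        if ($open === null) {
            if ($isBacktick || in_array($id, SINK_TOKENS, true)) {
                $open = ['line' => $line, 'sink' => strtolower($text),
                         'backtick' => $isBacktick, 'tainted' => false];
            }
        } else {
            if ($id === T_VARIABLE && in_array($text, TAINT_SOURCES, true)) {
                $open['tainted'] = true;
            }
            // Backticks end at the closing backtick, statements at ';' or '?>'.
            $ends = $open['backtick'] ? $isBacktick
                : (($id === null && $text === ';') || $id === T_CLOSE_TAG);
            if ($ends) {
                if ($open['tainted']) { $findings[] = [$open['line'], $open['sink']]; }
                $open = null;
            }
        }
        $line += substr_count($text, "\n");
    }
    return $findings;
}

// Constructed sample input: it is only tokenized, never executed.
$sample = <<<'PHP'
<?php
echo "Hello " . $_GET['name'];
echo "static text";
include $_REQUEST['page'] . '.php';
$out = `ls $_POST[dir]`;
print htmlspecialchars($_COOKIE['theme']);
PHP;
foreach (findTaintedSinks($sample) as [$line, $sink]) {
    echo "line $line: request data reaches sink '$sink'\n";
}
```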

Revision: r1.1 - 29 Dec 2006 - 17:17 - EricBouwers