Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

--exploits flag not working ? #18

Closed
LucasDemea opened this issue Mar 3, 2021 · 2 comments
Closed

--exploits flag not working ? #18

LucasDemea opened this issue Mar 3, 2021 · 2 comments
Labels
bug Something isn't working

Comments

@LucasDemea
Copy link

Hi, thanks for this amazing tool !
When I try to run a scan with the --exploits flags, it seems it is not working as intended :

This is the command I enter :

php scanner web/app/ --exploits="double_var2"

I get :

Exploit to search: double_var2 Start scanning...

And then :

Evil code found: [!] Function (create_function) [line 61] - Potentially dangerous function 'create_function'

Shouldn't I get only double_var exploits detection ?
Am I missing something ?

@marcocesarato marcocesarato added the bug Something isn't working label Mar 3, 2021
@marcocesarato
Copy link
Owner

Hi, thank for your support and for reporting this issue.
You need to add also php scanner web/app/ --exploits="double_var2" --only-exploits but I checked and --only-exploits/--only-functions/--only-signatures flags was bugged because about 1 month ago the check system changed so some limitations didn't work anymore.
Fixed on 0.8.3.
Let me know if is fixed also for you.

@LucasDemea
Copy link
Author

It is working now. Thank you !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants