PHP Vulnerability Hunter


This is the application that detected almost all of the web application vulnerabilities listed on the advisories page. PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool capable of triggering a wide range of exploitable faults in PHP web applications. Minimal configuration is necessary to begin a scan; PHP Vulnerability Hunter doesn’t even need a user specified starting URI.

PHP Vulnerability Hunter is aware of many different types of vulnerabilities found in PHP applications, from the most common such as cross-site scripting and local file inclusion to the lesser known, such as user controlled function invocation and class instantiation.


- Arbitrary command execution
- Arbitrary file read/write/change/rename/delete
- Local file inclusion
- Arbitrary PHP execution
- SQL injection
- User controlled function invocation
- User controlled class instantiation
- Reflected cross-site scripting (XSS)
- Open redirect
- Full path disclosure
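As an added illustration (not code from PHP Vulnerability Hunter or its author), the two lesser-known classes from the list above, user controlled function invocation and class instantiation, are shown below in PHP, each beside a hardened version that only accepts names from a fixed allowlist; the handler functions and widget classes are hypothetical.

```php
<?php
// Added example, not part of PHP Vulnerability Hunter. Hypothetical handlers:
function show_home(): string    { return 'home'; }
function show_profile(): string { return 'profile'; }
class ClockWidget {}
class NoteWidget  {}

// User controlled function invocation (vulnerable): the request names the
// function, so any defined function in the process can be called.
function dispatch_unsafe(array $query): string
{
    $action = $query['action'] ?? 'show_home';
    return $action();
}

// Hardened: request values are keys into a fixed table; the callable name
// itself never comes from the client.
const ACTIONS = ['home' => 'show_home', 'profile' => 'show_profile'];

function dispatch_safe(array $query): string
{
    $key = $query['action'] ?? 'home';
    if (!array_key_exists($key, ACTIONS)) {
        throw new InvalidArgumentException("unknown action: $key");
    }
    $handler = ACTIONS[$key];
    return $handler();
}

// User controlled class instantiation (vulnerable): the client picks the
// class, and with it whatever its constructor does.
function load_widget_unsafe(string $type): object
{
    return new $type();
}

// Hardened: only classes from an explicit allowlist can be instantiated.
const WIDGETS = ['clock' => ClockWidget::class, 'note' => NoteWidget::class];

function load_widget_safe(string $type): object
{
    if (!array_key_exists($type, WIDGETS)) {
        throw new InvalidArgumentException("unknown widget: $type");
    }
    $class = WIDGETS[$type];
    return new $class();
}

// Demo with constructed input: a valid request against the hardened versions.
var_dump(dispatch_safe(['action' => 'profile']));
var_dump(get_class(load_widget_safe('clock')));
```

A scanner that hooks call sites such as `$action()` and `new $type()` during initialization can then check at request time whether the name being resolved was derived from request input.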



Scan Phases

1. Initialization Phase

During this phase, interesting function calls within each code file are hooked, and, if code coverage is enabled, the code is annotated. Static analysis is performed on the code to detect inputs.

2. Scan Phase

This is where the bugs are uncovered. PHP Vulnerability Hunter iterates through its different scan plugins and plugin modes, scanning every file within the targeted application. Each time a page is requested, dynamic analysis is performed to discover new inputs and bugs.

3. Uninitialization

Once the scan phase is complete, all of the application files are restored from backups made during the initialization phase.