hardsoft321/svscan

SuiteCRM Vulnerabilities Scanner

It is a wrapper for progpilot with additional rules for SuiteCRM.

It can find SQL injections like these, where request data is concatenated straight into a query string:

<?php
class SomeClass
{
    function method1()
    {
        // Untrusted POST data is concatenated directly into the SQL string
        $query = "update linked_docs set deleted=1 where id='" . $_POST['signed_id'] . "'";
        $this->db->query($query);
    }

    function method2()
    {
        global $focus;
        // Untrusted request parameter flows unescaped into a WHERE clause
        $focusId = $_REQUEST['record'];
        $where = "notes.parent_id='{$focusId}' AND notes.filename IS NOT NULL";
        $focus->get_full_list('', $where);
    }
}
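For comparison, here are the same two methods rewritten so that the scanner no longer has a taint path from the request to the SQL sink. This is an added example, not code from svscan or SuiteCRM; it assumes SuiteCRM's DBManager exposes a quote() method that escapes a string for use inside single quotes, and that record ids are 36-character GUIDs (both are assumptions to check against your SuiteCRM version).

```php
<?php
// Added example (not part of svscan or SuiteCRM): hardened versions of the
// two methods shown above. Input is validated against the expected id shape
// and then escaped before it is placed inside the quoted SQL literal.
class SomeClass
{
    /** @var DBManager SuiteCRM database wrapper (assumed to provide quote()) */
    public $db;

    // Assumption: SuiteCRM record ids are 36-character GUIDs (hex and dashes)
    const ID_PATTERN = '/^[0-9a-f-]{36}$/i';

    function method1()
    {
        // Source: $_POST['signed_id'] is attacker-controlled
        $id = isset($_POST['signed_id']) ? (string) $_POST['signed_id'] : '';
        if (!preg_match(self::ID_PATTERN, $id)) {
            return; // reject malformed ids instead of building the query
        }
        // Sink: the value is escaped, and stays inside the single quotes
        $query = "update linked_docs set deleted=1 where id='" . $this->db->quote($id) . "'";
        $this->db->query($query);
    }

    function method2()
    {
        global $focus;
        // Source: $_REQUEST['record'] is attacker-controlled
        $focusId = isset($_REQUEST['record']) ? (string) $_REQUEST['record'] : '';
        if (!preg_match(self::ID_PATTERN, $focusId)) {
            return;
        }
        // Sink: escape before interpolating into the WHERE clause
        $safeId = $GLOBALS['db']->quote($focusId);
        $where = "notes.parent_id='{$safeId}' AND notes.filename IS NOT NULL";
        $focus->get_full_list('', $where);
    }
}
```

The allow-list check is the part that actually removes the risk; quote() alone only helps while the value sits inside a quoted literal, which is why both are applied.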

Don't forget to install the dependencies first:

composer install

Then run

php svscan.php /path/to/SuiteCRM/some-dir-or-file

or run it from inside the directory you want to scan:

cd /path/to/SuiteCRM/some-dir
/path/to/svscan.php
