June 19, 2009
PHP Interpreter Modified To Find XSS and Injection Holes, Automatically Generates Attacks
Researchers have built a tool that automatically finds and exploits SQL injection and cross-site scripting vulnerabilities in Web applications.
The so-called Ardilla tool uses a technique developed by the researchers — MIT’s Adam Kiezun, the University of Washington’s Michael Ernst, Stanford’s Philip Guo, and Syracuse University’s Karthick Jayaraman — that creates inputs that pinpoint bugs in Web applications and then generates SQL injection and XSS attacks. Ardilla is for PHP-based Web apps.
There is also a table of results from analysis done against several PHP web applications
Via: darkREADING