C:\testing\tools\scsa\pixy_3_0\Pixy>set mypath=C:\testing\tools\scsa\pixy_3_0\Pixy\

C:\testing\tools\scsa\pixy_3_0\Pixy>java -Xmx500m -Xms500m -Dpixy.home="C:\testing\tools\scsa\pixy_3_0\Pixy\\" -classpath "C:\testing\tools\scsa\pixy_3_0\Pixy\lib;C:\testing\tools\scsa\pixy_3_0\Pixy\build\class" at.ac.tuwien.infosys.www.pixy.Checker -a -y xss:sql tests.php

File: tests.php

*** resolving literal includes ***

*** resolving non-literal includes ***

*** performing type analysis ***

Warning: can't find function mysql_select
- C:\testing\tools\scsa\pixy_3_0\Pixy\tests.php:19

inclusion iterations: 1
resolved literal includes: 0
resolved non-literal includes: 0
cyclic includes: 0
not found includes: 0
unresolved non-literal includes: 3
- C:\testing\tools\scsa\pixy_3_0\Pixy\tests.php:44
- C:\testing\tools\scsa\pixy_3_0\Pixy\tests.php:47
- C:\testing\tools\scsa\pixy_3_0\Pixy\tests.php:51

*** performing taint analysis ***

Finished.
Time: 0 seconds

*** detecting vulnerabilities ***

*****************
XSS Analysis BEGIN
*****************

Number of sinks: 6

XSS Analysis Output
--------------------

Vulnerability detected!
- unconditional
- C:\testing\tools\scsa\pixy_3_0\Pixy\tests.php:38
- Graph: xss1

Unmodeled builtin function: file_get_contents

Vulnerability detected!
- unconditional
- C:\testing\tools\scsa\pixy_3_0\Pixy\tests.php:55
- Graph: xss4

Unmodeled builtin function: file_get_contents

Vulnerability detected!
- unconditional
- C:\testing\tools\scsa\pixy_3_0\Pixy\tests.php:58
- Graph: xss5

Unmodeled builtin function: file_get_contents

Vulnerability detected!
- unconditional
- C:\testing\tools\scsa\pixy_3_0\Pixy\tests.php:63
- Graph: xss6

Total Vuln Count: 4

*****************
XSS Analysis END
*****************

*****************
SQL Analysis BEGIN
*****************

Number of sinks: 6

SQL Analysis Output
--------------------

directly tainted!
- C:\testing\tools\scsa\pixy_3_0\Pixy\tests.php:28
- Graphs: sql1
- unconditional
Unmodeled builtin function (SQL): (string)

directly tainted!
- C:\testing\tools\scsa\pixy_3_0\Pixy\tests.php:29
- Graphs: sql2
Unmodeled builtin function: (string)
- unconditional
Unmodeled builtin function (SQL): htmlentities

Total Vuln Count: 2

*****************
SQL Analysis END
*****************

Total Time: 0 seconds