
{"version":"1.166.0","results":[{"check_id":"php.lang.security.injection.echoed-request.echoed-request","path":"walletintaleq.intaleq.xyz/v2/main/ride/cliq/verify_payment_ai.php","start":{"line":68,"col":9,"offset":2684},"end":{"line":68,"col":96,"offset":2771},"extra":{"message":"`Echo`ing user input risks cross-site scripting vulnerability. You should use `htmlentities()` when showing data to users.","fix":"echo htmlentities(json_encode([\"status\" => \"failure\", \"message\" => \"Verification failed: $reason\"]));","metadata":{"technology":["php"],"cwe":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"owasp":["A07:2017 - Cross-Site Scripting (XSS)","A03:2021 - Injection","A05:2025 - Injection"],"category":"security","references":["https://www.php.net/manual/en/function.htmlentities.php","https://www.php.net/manual/en/reserved.variables.request.php","https://www.php.net/manual/en/reserved.variables.post.php","https://www.php.net/manual/en/reserved.variables.get.php","https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. 
For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cross-Site-Scripting (XSS)"],"source":"https://semgrep.dev/r/php.lang.security.injection.echoed-request.echoed-request","shortlink":"https://sg.run/Bqqb"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"generic.nginx.security.request-host-used.request-host-used","path":"walletintaleq.intaleq.xyz/v2/main/ride/mtn/passenger/mtn_confirm.php","start":{"line":16,"col":9,"offset":571},"end":{"line":16,"col":14,"offset":576},"extra":{"message":"'$http_host' and '$host' variables may contain a malicious value from attacker controlled 'Host' request header. Use an explicitly configured host value or a allow list for validation.","metadata":{"cwe":["CWE-290: Authentication Bypass by Spoofing"],"references":["https://github.com/yandex/gixy/blob/master/docs/en/plugins/hostspoofing.md","https://portswigger.net/web-security/host-header"],"category":"security","technology":["nginx"],"confidence":"MEDIUM","owasp":["A07:2021 - Identification and Authentication Failures","A07:2025 - Authentication Failures"],"subcategory":["audit"],"likelihood":"LOW","impact":"LOW","license":"Semgrep Rules License v1.0. 
For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Authentication"],"source":"https://semgrep.dev/r/generic.nginx.security.request-host-used.request-host-used","shortlink":"https://sg.run/4x3Z"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"generic.nginx.security.request-host-used.request-host-used","path":"walletintaleq.intaleq.xyz/v2/main/ride/mtn/passenger/mtn_confirm.php","start":{"line":17,"col":46,"offset":694},"end":{"line":17,"col":51,"offset":699},"extra":{"message":"'$http_host' and '$host' variables may contain a malicious value from attacker controlled 'Host' request header. Use an explicitly configured host value or a allow list for validation.","metadata":{"cwe":["CWE-290: Authentication Bypass by Spoofing"],"references":["https://github.com/yandex/gixy/blob/master/docs/en/plugins/hostspoofing.md","https://portswigger.net/web-security/host-header"],"category":"security","technology":["nginx"],"confidence":"MEDIUM","owasp":["A07:2021 - Identification and Authentication Failures","A07:2025 - Authentication Failures"],"subcategory":["audit"],"likelihood":"LOW","impact":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Authentication"],"source":"https://semgrep.dev/r/generic.nginx.security.request-host-used.request-host-used","shortlink":"https://sg.run/4x3Z"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"php.lang.security.injection.echoed-request.echoed-request","path":"walletintaleq.intaleq.xyz/v2/main/ride/mtn_new/verify_payment_ai.php","start":{"line":68,"col":9,"offset":2604},"end":{"line":68,"col":96,"offset":2691},"extra":{"message":"`Echo`ing user input risks cross-site scripting vulnerability. 
You should use `htmlentities()` when showing data to users.","fix":"echo htmlentities(json_encode([\"status\" => \"failure\", \"message\" => \"Verification failed: $reason\"]));","metadata":{"technology":["php"],"cwe":["CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"owasp":["A07:2017 - Cross-Site Scripting (XSS)","A03:2021 - Injection","A05:2025 - Injection"],"category":"security","references":["https://www.php.net/manual/en/function.htmlentities.php","https://www.php.net/manual/en/reserved.variables.request.php","https://www.php.net/manual/en/reserved.variables.post.php","https://www.php.net/manual/en/reserved.variables.get.php","https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cross-Site-Scripting (XSS)"],"source":"https://semgrep.dev/r/php.lang.security.injection.echoed-request.echoed-request","shortlink":"https://sg.run/Bqqb"},"severity":"ERROR","fingerprint":"requires login","lines":"requires 
login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}}],"errors":[],"paths":{"scanned":["walletintaleq.intaleq.xyz/.gitignore","walletintaleq.intaleq.xyz/WalletDB.sql","walletintaleq.intaleq.xyz/mtnpayment.html","walletintaleq.intaleq.xyz/ttt.php","walletintaleq.intaleq.xyz/v2/composer.json","walletintaleq.intaleq.xyz/v2/composer.lock","walletintaleq.intaleq.xyz/v2/main/connect.php","walletintaleq.intaleq.xyz/v2/main/encrypt_decrypt.php","walletintaleq.intaleq.xyz/v2/main/functions.php","walletintaleq.intaleq.xyz/v2/main/jwtconnect.php","walletintaleq.intaleq.xyz/v2/main/load_env.php","walletintaleq.intaleq.xyz/v2/main/loginWalletAdmin.php","walletintaleq.intaleq.xyz/v2/main/ride/GeminiAi.php","walletintaleq.intaleq.xyz/v2/main/ride/apiKey/add.php","walletintaleq.intaleq.xyz/v2/main/ride/apiKey/delete.php","walletintaleq.intaleq.xyz/v2/main/ride/apiKey/get.php","walletintaleq.intaleq.xyz/v2/main/ride/apiKey/update.php","walletintaleq.intaleq.xyz/v2/main/ride/cliq/check_status.php","walletintaleq.intaleq.xyz/v2/main/ride/cliq/cliq_invoices.sql","walletintaleq.intaleq.xyz/v2/main/ride/cliq/cliq_webhook_handler.php","walletintaleq.intaleq.xyz/v2/main/ride/cliq/create_cliq_invoice.php","walletintaleq.intaleq.xyz/v2/main/ride/cliq/finalize_payment.php","walletintaleq.intaleq.xyz/v2/main/ride/cliq/query_click_invoice.php","walletintaleq.intaleq.xyz/v2/main/ride/cliq/verify_payment_ai.php","walletintaleq.intaleq.xyz/v2/main/ride/driverPayment/add.php","walletintaleq.intaleq.xyz/v2/main/ride/driverPayment/delete.php","walletintaleq.intaleq.xyz/v2/main/ride/driverPayment/get.php","walletintaleq.intaleq.xyz/v2/main/ride/driverPayment/update.php","walletintaleq.intaleq.xyz/v2/main/ride/driverWallet/add.php","walletintaleq.intaleq.xyz/v2/main/ride/driverWallet/add300ToDriver.php","walletintaleq.intaleq.xyz/v2/main/ride/driverWallet/addFromAdmin.php","walletintaleq.intaleq.xyz/v2/main/ride/driverWallet/addPaymentToken.php","walletintaleq.intaleq.xyz/v2/main/ride/driverWa
llet/add_s2s_reward.php","walletintaleq.intaleq.xyz/v2/main/ride/driverWallet/convertBudgetToPoints.php","walletintaleq.intaleq.xyz/v2/main/ride/driverWallet/delete.php","walletintaleq.intaleq.xyz/v2/main/ride/driverWallet/deleteNewDriverGiftCronJob.php","walletintaleq.intaleq.xyz/v2/main/ride/driverWallet/driverStatistic.php","walletintaleq.intaleq.xyz/v2/main/ride/driverWallet/get.php","walletintaleq.intaleq.xyz/v2/main/ride/driverWallet/getDriverDetails.php","walletintaleq.intaleq.xyz/v2/main/ride/driverWallet/getDriverWeekPaymentMove.php","walletintaleq.intaleq.xyz/v2/main/ride/driverWallet/getWalletByDriver.php","walletintaleq.intaleq.xyz/v2/main/ride/driverWallet/get_s2s_wallet_dashboard.php","walletintaleq.intaleq.xyz/v2/main/ride/driverWallet/promotionDriver.php","walletintaleq.intaleq.xyz/v2/main/ride/driverWallet/sendEmailTransfer.php","walletintaleq.intaleq.xyz/v2/main/ride/driverWallet/transfer.php","walletintaleq.intaleq.xyz/v2/main/ride/driverWallet/update.php","walletintaleq.intaleq.xyz/v2/main/ride/ecash/driver/ecash_verify.php","walletintaleq.intaleq.xyz/v2/main/ride/ecash/driver/ecash_webhook.php","walletintaleq.intaleq.xyz/v2/main/ride/ecash/driver/finalize_payment.php","walletintaleq.intaleq.xyz/v2/main/ride/ecash/driver/payWithEcash.php","walletintaleq.intaleq.xyz/v2/main/ride/ecash/driver/webhook_connect.php","walletintaleq.intaleq.xyz/v2/main/ride/ecash/ecash_config.php","walletintaleq.intaleq.xyz/v2/main/ride/ecash/logs/ecash_production.log","walletintaleq.intaleq.xyz/v2/main/ride/ecash/logs/payment_verification.log","walletintaleq.intaleq.xyz/v2/main/ride/ecash/passenger/ecash_verify.php","walletintaleq.intaleq.xyz/v2/main/ride/ecash/passenger/ecash_webhook.php","walletintaleq.intaleq.xyz/v2/main/ride/ecash/passenger/finalize_payment.php","walletintaleq.intaleq.xyz/v2/main/ride/ecash/passenger/payWithEcash.php","walletintaleq.intaleq.xyz/v2/main/ride/ecash/passenger/webhook_connect.php","walletintaleq.intaleq.xyz/v2/main/ride/ecash/payWithEc
ash.php","walletintaleq.intaleq.xyz/v2/main/ride/ecash/webhook_ecash.php","walletintaleq.intaleq.xyz/v2/main/ride/mtn/driver/confirm_payment.php","walletintaleq.intaleq.xyz/v2/main/ride/mtn/driver/finalize_wallet_payment.php","walletintaleq.intaleq.xyz/v2/main/ride/mtn/driver/generate_keys.php","walletintaleq.intaleq.xyz/v2/main/ride/mtn/driver/initiate_payment.php","walletintaleq.intaleq.xyz/v2/main/ride/mtn/driver/key.php","walletintaleq.intaleq.xyz/v2/main/ride/mtn/driver/mtn_start.php","walletintaleq.intaleq.xyz/v2/main/ride/mtn/driver/private_key.pem","walletintaleq.intaleq.xyz/v2/main/ride/mtn/driver/public_key.pem","walletintaleq.intaleq.xyz/v2/main/ride/mtn/driver_payout_syria.php","walletintaleq.intaleq.xyz/v2/main/ride/mtn/passenger/confirm_payment.php","walletintaleq.intaleq.xyz/v2/main/ride/mtn/passenger/finalize_wallet_payment.php","walletintaleq.intaleq.xyz/v2/main/ride/mtn/passenger/generate_keys.php","walletintaleq.intaleq.xyz/v2/main/ride/mtn/passenger/initiate_payment.php","walletintaleq.intaleq.xyz/v2/main/ride/mtn/passenger/key.php","walletintaleq.intaleq.xyz/v2/main/ride/mtn/passenger/mtn_confirm.php","walletintaleq.intaleq.xyz/v2/main/ride/mtn/passenger/mtn_start.php","walletintaleq.intaleq.xyz/v2/main/ride/mtn/passenger/private_key.pem","walletintaleq.intaleq.xyz/v2/main/ride/mtn/passenger/public_key.pem","walletintaleq.intaleq.xyz/v2/main/ride/mtn_new/check_status.php","walletintaleq.intaleq.xyz/v2/main/ride/mtn_new/create_mtn_invoice.php","walletintaleq.intaleq.xyz/v2/main/ride/mtn_new/finalize_payment.php","walletintaleq.intaleq.xyz/v2/main/ride/mtn_new/mtn_webhook_handler.php","walletintaleq.intaleq.xyz/v2/main/ride/mtn_new/query_mtn_invoice.php","walletintaleq.intaleq.xyz/v2/main/ride/mtn_new/verify_payment_ai.php","walletintaleq.intaleq.xyz/v2/main/ride/passengerWallet/add.php","walletintaleq.intaleq.xyz/v2/main/ride/passengerWallet/addPaymentTokenPassenger.php","walletintaleq.intaleq.xyz/v2/main/ride/passengerWallet/add_s2s_debt.php","w
alletintaleq.intaleq.xyz/v2/main/ride/passengerWallet/delete.php","walletintaleq.intaleq.xyz/v2/main/ride/passengerWallet/get.php","walletintaleq.intaleq.xyz/v2/main/ride/passengerWallet/getAllPassengerTransaction.php","walletintaleq.intaleq.xyz/v2/main/ride/passengerWallet/getPassengerWalletArchive.php","walletintaleq.intaleq.xyz/v2/main/ride/passengerWallet/getWalletByPassenger.php","walletintaleq.intaleq.xyz/v2/main/ride/passengerWallet/process_wait_compensation.php","walletintaleq.intaleq.xyz/v2/main/ride/passengerWallet/update.php","walletintaleq.intaleq.xyz/v2/main/ride/payMob/error_log","walletintaleq.intaleq.xyz/v2/main/ride/payMob/payWithPayMob.php","walletintaleq.intaleq.xyz/v2/main/ride/payMob/paymet_verfy.php","walletintaleq.intaleq.xyz/v2/main/ride/payMob/paymet_verfy.php.zip","walletintaleq.intaleq.xyz/v2/main/ride/payMob/paymob_driver/payWithCard.php","walletintaleq.intaleq.xyz/v2/main/ride/payMob/paymob_driver/payWithWallet.php","walletintaleq.intaleq.xyz/v2/main/ride/payMob/paymob_driver/paymet_verfy.php","walletintaleq.intaleq.xyz/v2/main/ride/payMob/paymob_driver/paymob_payout.php","walletintaleq.intaleq.xyz/v2/main/ride/payMob/paymob_driver/paymob_webHookWallet.php","walletintaleq.intaleq.xyz/v2/main/ride/payMob/paymob_driver/paymob_webhook.php","walletintaleq.intaleq.xyz/v2/main/ride/payMob/paymob_webhook.log","walletintaleq.intaleq.xyz/v2/main/ride/payMob/paymob_webhook.php","walletintaleq.intaleq.xyz/v2/main/ride/payMob/wallet/error_log","walletintaleq.intaleq.xyz/v2/main/ride/payMob/wallet/payWithPayMob.php","walletintaleq.intaleq.xyz/v2/main/ride/payMob/wallet/paymet_verfy.php","walletintaleq.intaleq.xyz/v2/main/ride/payMob/wallet/paymob_webhook.php","walletintaleq.intaleq.xyz/v2/main/ride/payment/add.php","walletintaleq.intaleq.xyz/v2/main/ride/payment/delete.php","walletintaleq.intaleq.xyz/v2/main/ride/payment/get.php","walletintaleq.intaleq.xyz/v2/main/ride/payment/getAllPayment.php","walletintaleq.intaleq.xyz/v2/main/ride/payment/getAllP
aymentVisa.php","walletintaleq.intaleq.xyz/v2/main/ride/payment/getCountRide.php","walletintaleq.intaleq.xyz/v2/main/ride/payment/process_ride_payments.php","walletintaleq.intaleq.xyz/v2/main/ride/payment/update.php","walletintaleq.intaleq.xyz/v2/main/ride/payment/updatePaymetToPaid.php","walletintaleq.intaleq.xyz/v2/main/ride/shamcash/check_status.php","walletintaleq.intaleq.xyz/v2/main/ride/shamcash/create_invoice_shamcash.php","walletintaleq.intaleq.xyz/v2/main/ride/shamcash/deposit_errors.log","walletintaleq.intaleq.xyz/v2/main/ride/shamcash/finalize_deposit.php","walletintaleq.intaleq.xyz/v2/main/ride/shamcash/last_id.txt","walletintaleq.intaleq.xyz/v2/main/ride/shamcash/passenger/check_status.php","walletintaleq.intaleq.xyz/v2/main/ride/shamcash/passenger/create_invoice.php","walletintaleq.intaleq.xyz/v2/main/ride/shamcash/passenger/finalize_deposit.php","walletintaleq.intaleq.xyz/v2/main/ride/shamcash/save_transactions.php","walletintaleq.intaleq.xyz/v2/main/ride/shamcash/save_transactions_new.php","walletintaleq.intaleq.xyz/v2/main/ride/shamcash/server_check.php","walletintaleq.intaleq.xyz/v2/main/ride/shamcash/transactions.log","walletintaleq.intaleq.xyz/v2/main/ride/siroWallet/add.php","walletintaleq.intaleq.xyz/v2/main/ride/siroWallet/get.php","walletintaleq.intaleq.xyz/v2/main/ride/syriatel/archive.zip","walletintaleq.intaleq.xyz/v2/main/ride/syriatel/driver/confirm_payment.php","walletintaleq.intaleq.xyz/v2/main/ride/syriatel/driver/finalize_wallet_payment.php","walletintaleq.intaleq.xyz/v2/main/ride/syriatel/driver/start_payment.php","walletintaleq.intaleq.xyz/v2/main/ride/syriatel/driver/syriatel_token_handler.php","walletintaleq.intaleq.xyz/v2/main/ride/syriatel/logs/payment_verification.log","walletintaleq.intaleq.xyz/v2/main/ride/syriatel/passenger/confirm_payment.php","walletintaleq.intaleq.xyz/v2/main/ride/syriatel/passenger/start_payment.php","walletintaleq.intaleq.xyz/v2/main/ride/syriatel/passenger/syriatel_token.cache","walletintaleq.intaleq.
xyz/v2/main/ride/syriatel/passenger/syriatel_token_handler.php","walletintaleq.intaleq.xyz/v2/main/ride/tips/add.php","walletintaleq.intaleq.xyz/v2/main/ride/tips/get.php","walletintaleq.intaleq.xyz/v2/main/sms_webhook/archive.zip","walletintaleq.intaleq.xyz/v2/main/sms_webhook/check_invoice_status.php","walletintaleq.intaleq.xyz/v2/main/sms_webhook/check_invoice_status_passenger.php","walletintaleq.intaleq.xyz/v2/main/sms_webhook/create_invoice.php","walletintaleq.intaleq.xyz/v2/main/sms_webhook/create_invoice_passenger.php","walletintaleq.intaleq.xyz/v2/main/sms_webhook/finalize_payout.php","walletintaleq.intaleq.xyz/v2/main/sms_webhook/finalize_wallet_payment.php","walletintaleq.intaleq.xyz/v2/main/sms_webhook/process_passenger_sms_payment.php","walletintaleq.intaleq.xyz/v2/main/sms_webhook/process_with_gemini.php","walletintaleq.intaleq.xyz/v2/main/sms_webhook/request_payout.php","walletintaleq.intaleq.xyz/v2/main/sms_webhook/save_raw_sms.php","walletintaleq.intaleq.xyz/v2/main/sms_webhook/save_raw_sms_passenger.php","walletintaleq.intaleq.xyz/v2/main/sms_webhook/webhook.php"]},"time":{"rules":[],"rules_parse_time":0.3470149040222168,"profiling_times":{"config_time":3.525599956512451,"core_time":5.40887713432312,"ignores_time":0.0010819435119628906,"total_time":8.948032855987549},"parsing_time":{"total_time":0.0,"per_file_time":{"mean":0.0,"std_dev":0.0},"very_slow_stats":{"time_ratio":0.0,"count_ratio":0.0},"very_slow_files":[]},"scanning_time":{"total_time":18.86908459663391,"per_file_time":{"mean":0.04137957148384623,"std_dev":0.022103438948977986},"very_slow_stats":{"time_ratio":0.0,"count_ratio":0.0},"very_slow_files":[]},"matching_time":{"total_time":0.0,"per_file_and_rule_time":{"mean":0.0,"std_dev":0.0},"very_slow_stats":{"time_ratio":0.0,"count_ratio":0.0},"very_slow_rules_on_files":[]},"tainting_time":{"total_time":0.0,"per_def_and_rule_time":{"mean":0.0,"std_dev":0.0},"very_slow_stats":{"time_ratio":0.0,"count_ratio":0.0},"very_slow_rules_on_defs":[]}
,"fixpoint_timeouts":[{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at walletintaleq.intaleq.xyz/v2/main/ride/cliq/verify_payment_ai.php:1:0 [rules: 1, first: php.lang.security.injection.tainted-callable.tainted-callable]","location":{"path":"walletintaleq.intaleq.xyz/v2/main/ride/cliq/verify_payment_ai.php","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":1,"offset":0}}}],"prefiltering":{"project_level_time":0.0,"file_level_time":0.0,"rules_with_project_prefilters_ratio":0.0,"rules_with_file_prefilters_ratio":0.9992372234935164,"rules_selected_ratio":0.09610983981693363,"rules_matched_ratio":0.09610983981693363},"targets":[],"total_bytes":0,"max_memory_bytes":673257216},"engine_requested":"OSS","skipped_rules":[],"profiling_results":[]}