This report presents a static vulnerability analysis tool called Eir, created for scanning PHP applications for XSS and SQLi vulnerabilities. The tool uses known theories in the field of static analysis. It is able to detect reflected as well as stored vulnerabilities. Using pattern matching to find storage locations, this prototype shows that it is possible to find stored vulnerabilities by matching pairs of incoming and outgoing data sets in a static analysis.
The tool also looks into modeling of large frameworks to scan extensions such as WordPress plugins. Modeling a large amount of functionality made it possible to detect a large amount of vulnerabilities in WordPress plugins.
Eir was able to detect 66 new confirmed vulnerabilities in WordPress plugins, where 17 of these were stored vulnerabilities.