PHP Security scanner - need help

[cwarn23]

Hi, I'm making a site security tester which is basically a bot that scans a selected website for any php security holes such as sql injections then reports them to the user. I have managed to write the bot and all but the last piece left is the function that actually tests each individual page for security holes. The function that starts testing each individual page is as follows:

function generate($url) {
$data=file_get_contents($url);
//now to do some tests on the page
}

As you can see, this function will be used on each and every valid url inside the website to perform tests on. But my question is, how do I test for php security holes and what security holes are possible?

I read something about if ";ls -la" (without the quotes) is placed in the url and not filtered it can display the contents of a web directory. But what would file_get_contents return if that is the case?

 

This is also an open source project so just let me know if you want the full code just in case you want your own bot. Please help as it would be really useful for newbies to test their websites.