Close #106 - XXE-Fuzzing / Grep PHP Auditing
This commit is contained in:
g0tmi1k
46
Pattern-Matching/grepstrings-auditing-php.md
Normal file
46
Pattern-Matching/grepstrings-auditing-php.md
Normal file
@@ -0,0 +1,46 @@
|
||||
# Auditing php source code with grep
|
||||
|
||||
## XSS
|
||||
`grep -Ri "echo" *`
|
||||
|
||||
`grep -Ri "\$_" * | grep "echo"`
|
||||
|
||||
`grep -Ri "\$_GET" * | grep "echo"`
|
||||
|
||||
`grep -Ri "\$_POST" * | grep "echo"`
|
||||
|
||||
`grep -Ri "\$_REQUEST" * | grep "echo"`
|
||||
|
||||
|
||||
- - -
|
||||
|
||||
|
||||
## SQL Injection
|
||||
`grep -Ri "$sql" *`
|
||||
|
||||
`grep -RI "mysqli(" *`
|
||||
|
||||
`grep -Ri "pdo(" * `
|
||||
|
||||
|
||||
- - -
|
||||
|
||||
|
||||
|
||||
## File inclusion
|
||||
`grep -Ri "file_include(" * `
|
||||
|
||||
`grep -Ri "file_get_contents(" * `
|
||||
|
||||
`grep -Ri "include(" *`
|
||||
|
||||
|
||||
- - -
|
||||
|
||||
|
||||
## Command execution
|
||||
`grep -Ri "shell_exec(" *`
|
||||
|
||||
`grep -RIt "system(" *`
|
||||
|
||||
`grep -Ri "exec(" * `
|
||||
Reference in New Issue
Block a user