mirror of
https://github.com/danielmiessler/SecLists.git
synced 2025-04-29 02:06:29 -04:00
46 lines
534 B
Markdown
46 lines
534 B
Markdown
# Auditing php source code with grep
|
|
|
|
## XSS
|
|
`grep -Ri "echo" *`
|
|
|
|
`grep -Ri "\$_" * | grep "echo"`
|
|
|
|
`grep -Ri "\$_GET" * | grep "echo"`
|
|
|
|
`grep -Ri "\$_POST" * | grep "echo"`
|
|
|
|
`grep -Ri "\$_REQUEST" * | grep "echo"`
|
|
|
|
|
|
- - -
|
|
|
|
|
|
## SQL Injection
|
|
`grep -Ri "$sql" *`
|
|
|
|
`grep -RI "mysqli(" *`
|
|
|
|
`grep -Ri "pdo(" * `
|
|
|
|
|
|
- - -
|
|
|
|
|
|
|
|
## File inclusion
|
|
`grep -Ri "file_include(" * `
|
|
|
|
`grep -Ri "file_get_contents(" * `
|
|
|
|
`grep -Ri "include(" *`
|
|
|
|
|
|
- - -
|
|
|
|
|
|
## Command execution
|
|
`grep -Ri "shell_exec(" *`
|
|
|
|
`grep -RIt "system(" *`
|
|
|
|
`grep -Ri "exec(" * `
|