Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/dustyfresh/PHP-vulnerability-audit-cheatsheet

This will assist you in the finding of potentially vulnerable PHP code. Each type of grep command is categorized in the type of vulnerabilities you generally find with that function.
https://github.com/dustyfresh/PHP-vulnerability-audit-cheatsheet

Last synced: 26 days ago
JSON representation

This will assist you in the finding of potentially vulnerable PHP code. Each type of grep command is categorized in the type of vulnerabilities you generally find with that function.

Host: GitHub
URL: https://github.com/dustyfresh/PHP-vulnerability-audit-cheatsheet
Owner: dustyfresh
License: other
Created: 2015-07-12T22:48:09.000Z (over 9 years ago)
Default Branch: master
Last Pushed: 2018-07-08T15:51:56.000Z (over 6 years ago)
Last Synced: 2024-08-03T16:09:27.013Z (4 months ago)
Size: 4.88 KB
Stars: 346
Watchers: 9
Forks: 57
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-systools - Cheatsheet for finding vulnerable PHP code using grep
awesome-hacking-lists - dustyfresh/PHP-vulnerability-audit-cheatsheet - This will assist you in the finding of potentially vulnerable PHP code. Each type of grep command is categorized in the type of vulnerabilities you generally find with that function. (Others)

README

# Cheatsheet for finding vulnerable PHP code using grep

This will assist you in the finding of potentially vulnerable PHP code. Each type of grep command is categorized in the type of vulnerabilities you generally find with that function.

Some of this came from a source long forgotten. If you know the source of the original sheet please let me know so I may add credit where due..

follow me: [@dustyfresh](https://twitter.com/dustyfresh) | website: https://lol.systems

XSS:
----
```grep -Ri "echo" .```

```grep -Ri "\$_" . | grep "echo"```

```grep -Ri "\$_GET" . | grep "echo"```

```grep -Ri "\$_POST" . | grep "echo"```

```grep -Ri "\$_REQUEST" . | grep "echo"```

Command execution:
------------------
```grep -Ri "shell_exec(" .```

```grep -Ri "system(" .```

```grep -Ri "exec(" .```

```grep -Ri "popen(" .```

```grep -Ri "passthru(" .```

```grep -Ri "proc_open(" .```

```grep -Ri "pcntl_exec(" .```

Code execution:
---------------
```grep -Ri "eval(" .```

```grep -Ri "assert(" .```

```grep -Ri "preg_replace" . | grep "/e"```

```grep -Ri "create_function(" .```

SQL Injection:
--------------
```grep -Ri "\$sql" .```

```grep -Ri "\$sql" . | grep "\$_"```

SQLMAP Cheatsheet for WordPress:
--------------------------------
```
sqlmap -u "http://target.tld/?paramater=1" -p "parameter" --technique=B --dbms=mysql --suffix=")--" --string="Test" --sql-query="select user_login,user_pass from wp_users"
```

Information leak via phpinfo:
-----------------------------
```grep -Ri "phpinfo" .```

Find dev and debug modes:
-------------------------
```grep -Ri "debug" .```

```grep -Ri "\$_GET['debug']" .```

```grep -Ri "\$_GET['test']" .```

RFI/LFI:
--------
```grep -Ri "file_include" .```

```grep -Ri "include(" .```

```grep -Ri "require(" .```

```grep -Ri "require(\$file)" .```

```grep -Ri "include_once(" .```

```grep -Ri "require_once(" .```

```grep -Ri "require_once(" . | grep "\$_"```

Misc:
-----
```grep -Ri "header(" . | grep "\$_"```

```grep -Ri '$_SERVER["HTTP_USER_AGENT"]' .```

Path Traversal:
---------------
```grep -Ri file_get_contents .```

### [RATS Auditing tool for C, C++, Perl, PHP and Python](https://www.fortify.com/ssa-elements/threat-intelligence/rats.html)