Skip to content
This will assist you in the finding of potentially vulnerable PHP code. Each type of grep command is categorized in the type of vulnerabilities you generally find with that function.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE initial commit. woot. Jul 12, 2015
README.md Update README.md Jul 8, 2018

README.md

Cheatsheet for finding vulnerable PHP code using grep

This will assist you in the finding of potentially vulnerable PHP code. Each type of grep command is categorized in the type of vulnerabilities you generally find with that function.

Some of this came from a source long forgotten. If you know the source of the original sheet please let me know so I may add credit where due..

follow me: @dustyfresh | website: https://lol.systems

XSS:

grep -Ri "echo" .

grep -Ri "\$_" . | grep "echo"

grep -Ri "\$_GET" . | grep "echo"

grep -Ri "\$_POST" . | grep "echo"

grep -Ri "\$_REQUEST" . | grep "echo"

Command execution:

grep -Ri "shell_exec(" .

grep -Ri "system(" .

grep -Ri "exec(" .

grep -Ri "popen(" .

grep -Ri "passthru(" .

grep -Ri "proc_open(" .

grep -Ri "pcntl_exec(" .

Code execution:

grep -Ri "eval(" .

grep -Ri "assert(" .

grep -Ri "preg_replace" . | grep "/e"

grep -Ri "create_function(" .

SQL Injection:

grep -Ri "\$sql" .

grep -Ri "\$sql" . | grep "\$_"

SQLMAP Cheatsheet for WordPress:

sqlmap -u "http://target.tld/?paramater=1" -p "parameter" --technique=B --dbms=mysql --suffix=")--" --string="Test" --sql-query="select user_login,user_pass from wp_users"

Information leak via phpinfo:

grep -Ri "phpinfo" .

Find dev and debug modes:

grep -Ri "debug" .

grep -Ri "\$_GET['debug']" .

grep -Ri "\$_GET['test']" .

RFI/LFI:

grep -Ri "file_include" .

grep -Ri "include(" .

grep -Ri "require(" .

grep -Ri "require(\$file)" .

grep -Ri "include_once(" .

grep -Ri "require_once(" .

grep -Ri "require_once(" . | grep "\$_"

Misc:

grep -Ri "header(" . | grep "\$_"

grep -Ri '$_SERVER["HTTP_USER_AGENT"]' .

Path Traversal:

grep -Ri file_get_contents .

RATS Auditing tool for C, C++, Perl, PHP and Python

You can’t perform that action at this time.