PHP Cheatsheet
searching for vulnerable shell functions
egrep -r --include "*.php" -e "(system|pcntl_exec|passthru|exec|shell_exec|popen|pcntl_exec|proc_open)\(" .
searching for certain vulnerable php execution functions
egrep -r --include "*.php" -e "(eval|assert|create_function|preg_replace)\(" .
Useful for XSS. Searching variables that are echoed without htmlspecialchars()
egrep -r --include "*.php" -e "echo\s*\\$.*;" .
searching for the back tick operator, used to execute arbitrary shell commands
egrep -r --include "*.php" -e "\`.*\`" .
searching for hardcoded credentials
egrep -r --include "*.php" -e "(\\$|\->)?(\\[\")?(user|pass|username|password)(\"\\])?\s*=\s*\".*\"" .
egrep -r --include "*.php" -e "(mysql_connect|mysqli)\(\s*(\"|\').+(\"|\')\,\s*(\"|\').+(\"|\')\,\s*(\"|\').+(\"|\')" .
potential sql injection instances
egrep -r --include "*.php" -e "\->(query|exec)\(\s*\".*\".*\." .
file system access
egrep -r --include "*.php" -e "(fopen|fread|fwrite|fclose)\(" .
possible xxe instances, look for the true parameter
egrep -r --include "*.php" -e "libxml_disable_entity_loader\(" .
Last updated
Was this helpful?