PHP Cheatsheet

searching for vulnerable shell functions

egrep -r --include "*.php" -e "(system|pcntl_exec|passthru|exec|shell_exec|popen|pcntl_exec|proc_open)\(" .

searching for certain vulnerable php execution functions

egrep -r --include "*.php" -e "(eval|assert|create_function|preg_replace)\(" .

Useful for XSS. Searching variables that are echoed without htmlspecialchars()

egrep -r --include "*.php" -e "echo\s*\\$.*;" .

searching for the back tick operator, used to execute arbitrary shell commands

egrep -r --include "*.php" -e "\`.*\`" .

searching for hardcoded credentials

egrep -r --include "*.php" -e "(\\$|\->)?(\\[\")?(user|pass|username|password)(\"\\])?\s*=\s*\".*\"" .
egrep -r --include "*.php" -e "(mysql_connect|mysqli)\(\s*(\"|\').+(\"|\')\,\s*(\"|\').+(\"|\')\,\s*(\"|\').+(\"|\')" .

potential sql injection instances

egrep -r --include "*.php" -e "\->(query|exec)\(\s*\".*\".*\." .

file system access

egrep -r --include "*.php" -e "(fopen|fread|fwrite|fclose)\(" .

possible xxe instances, look for the true parameter

egrep -r --include "*.php" -e "libxml_disable_entity_loader\(" .

PreviousCode Grepping NextWindows Internals

Last updated 2 years ago

Was this helpful?