By SuperHei _[At]_ ph4nt0m.org 2006-03-08
[A. The grep below (http://www.interlog.com/~tcharron/grep.html) does not support the -r parameter. You can use the following format instead:
grep -in "\(include\|require\)" C:/test/*.php C:/test/admin/*.php
You can also use the cygwin port of grep (http://zhouzhen.eviloctal.org/Look.asp?LogID=814).
B. To match several keywords in "or" mode, separate them with \| in the pattern; for "and" mode, chain greps in a pipeline:
grep -in "select\|$aid" C:/test/read.php | grep -i "from"]
1. File Inclusion Vulnerabilities
Keywords: include require
C:\>grep -in "\(include\|require\)" C:/test/*.php
config.php:10:include 'forbid.php';
conn.inc.php:10:include 'forbid.php';
conn.php:10:include 'forbid.php';
global.php:10:include 'forbid.php';
global.php:16:require_once('conn.inc.php');
global.php:17:require_once('conn.php');
2. SQL Injection
Keywords: select, variable names
find . -name '*.php' | xargs grep -niw "select" --color -5
find . -name '*.php' | xargs grep -liw "select" --color -5
C:\>grep -in "select" C:/test/read.php
15:$query = $db->query("SELECT * FROM ".$tablepre."content WHERE aid=$aid");
C:\>grep -in "select\|$aid" C:/test/read.php
13:$aid = $_GET['aid'];
14:$db->query("UPDATE ".$tablepre."content SET hits=hits+1 WHERE aid='$aid'");
15:$query = $db->query("SELECT * FROM ".$tablepre."content WHERE aid=$aid");
3. Command Injection
Keywords: exec system popen passthru proc_open
C:\>grep -in "\(exec\|system\|popen\|passthru\|proc_open\)" C:/test/phpspy.php
413:$a = $shell->ShellExecute($_POST['program'], $_POST['prog']);
602:$program = isset($_POST['program']) ? $_POST['signature'] : "c:/winnt/system32/cmd.exe";
613:$execfuncs = (substr(PHP_OS, 0, 3) == 'WIN') ? array('system' => 'system', 'passthru' => 'passthru', 'exec' => 'exec', 'shell_exec' => 'shell_exec', 'popen' => 'popen', 'wscript' => 'wscript.shell') : array('system' => 'system', 'passthru' => 'passthru', 'exec' => 'exec', 'shell_exec' => 'shell_exec', 'popen' => 'popen');
615:$tb->tdbody('select the execution function: '.$tb->makeselect(array('name' => 'execfunc', 'option' => $execfuncs, 'selected' => $execfunc)).' input command: '.$tb->makeinput('command', $_POST['command'], '', 'text', '60').' '.$tb->makeinput('', 'run', '', 'submit'));
620:if ($execfunc == "system") {
621:    system($_POST['command']);
622:} elseif ($execfunc == "passthru") {
623:    passthru($_POST['command']);
4. Code Injection
Keywords: eval preg_replace
C:\>grep -in "eval\|preg_replace" C:/test/*.php
phpspy.php:1034:eval('$hexdtime = "'.$hexdtime.'";');
5. Variable Submission Methods
Keywords: GET POST COOKIE SERVER REQUEST
C:\>grep -in "_\(GET\|POST\|COOKIE\|SERVER\|REQUEST\)" C:/test/list.php
13:$sid = $_GET['sid'];
14:if ($_GET['page']) {
15:    $page = $_GET['page'];
6. Cookie and Session
Keywords: cookie session
C:\>grep -in "session\|cookie" C:/test/admin/*.php
global.php:16:if (!isset($_COOKIE['in'])) {
index.php:13:if (!isset($_COOKIE['in'])) {
job.php:13:if (!isset($_COOKIE['in'])) {
login.php:22:setcookie("IN", "$admin");
logout.php:11:setcookie("IN", "");
main.php:14:isset($_COOKIE) ? $ifcookie = "SUCCESS" : $ifcookie = "FAIL";
7. File Functions
Keywords: readfile fopen upload copy opendir fwrite unlink
........
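Sections 1 to 7 and note B describe one manual procedure: grep for a sink keyword, then grep again in "and mode" for the variable that a $_GET/$_POST line feeds into it. The Python script below is an added example, not part of SuperHei's article, that automates that pairing over constructed sample lines modelled on the read.php and phpspy.php output above; the sample files, the sink classes and the tiny sanitiser list (intval and (int)) are assumptions.

```python
import re

# Constructed sample files (not from the article), modelled on the read.php and
# phpspy.php lines the article greps; the intval() line is added as a clean control.
SAMPLE_FILES = {
    "read.php": [
        "<?php",
        "include 'forbid.php';",
        "$aid = $_GET['aid'];",
        "$db->query(\"UPDATE \".$tablepre.\"content SET hits=hits+1 WHERE aid='$aid'\");",
        "$query = $db->query(\"SELECT * FROM \".$tablepre.\"content WHERE aid=$aid\");",
        "$page = intval($_GET['page']);",
        "$list = $db->query(\"SELECT * FROM \".$tablepre.\"content LIMIT $page, 20\");",
    ],
    "cmd.php": ["<?php", "$command = $_POST['command'];", "system($command);"],
}

# Section 5 of the article: the superglobals through which attacker input enters.
SOURCE = re.compile(r"\$_(?:GET|POST|COOKIE|SERVER|REQUEST)\b")
# Sections 1-4 and 7: the keyword lists the article greps for, one class each.
SINKS = {
    "include": re.compile(r"\b(?:include|require)(?:_once)?\b"),
    "sql":     re.compile(r"\b(?:select|insert|update|delete)\b", re.I),
    "cmd":     re.compile(r"\b(?:exec|system|popen|passthru|proc_open|shell_exec)\s*\("),
    "code":    re.compile(r"\b(?:eval|preg_replace)\s*\("),
    "file":    re.compile(r"\b(?:readfile|fopen|copy|opendir|fwrite|unlink)\s*\("),
}
ASSIGN = re.compile(r"^\s*(\$\w+)\s*=(?!=)\s*(.*);\s*$")
# Integer casts treated as sanitising (assumed; deliberately a small list).
CLEAN = re.compile(r"^\s*(?:intval\(|\(int\))")


def scan(files=SAMPLE_FILES):
    """The article's 'and mode' pipeline, automated: report a sink keyword on a line
    that also carries a source, or a variable earlier assigned from one.
    Returns (file, line_no, sink_class, via) tuples in file order."""
    findings = []
    for name, lines in files.items():
        tainted = set()                       # variables fed from a source, per file
        for no, line in enumerate(lines, 1):
            src = SOURCE.search(line)
            via = src.group(0) if src else next(
                (v for v in sorted(tainted) if re.search(re.escape(v) + r"\b", line)), None)
            if via:
                findings += [(name, no, cls, via) for cls, pat in SINKS.items() if pat.search(line)]
            asg = ASSIGN.match(line)
            if asg and via and not CLEAN.match(asg.group(2)):
                tainted.add(asg.group(1))     # "$aid = $_GET['aid'];" taints $aid
    return findings
```

Calling scan() on the sample flags read.php lines 4 and 5 (UPDATE and SELECT built from $aid) and cmd.php line 3 (system() fed from $command), while the intval()-guarded LIMIT query is left alone; the include on read.php line 2 is a sink with no source and is likewise not reported.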
Hope you can continue! :)