Grep and Web Vulnerability Mining


By superhei_[at]_ph4nt0m.org, 2006-03-08

[Notes:

A. The grep used below (http://www.interlog.com/~tcharron/grep.html) does not support the -r parameter. Pass each directory explicitly instead:

    grep -in "\(include\|require\)" C:\test\*.php C:\test\admin\*.php

You can also use the cygwin port of grep (http://zhouzhen.eviloctal.org/Look.asp?Logid=814).

B. Multiple keywords are combined in OR mode with \|. For AND mode, use a pipeline:

    grep -in "\select\|$aid" C:\test\read.php | grep -i "from"]

1. Include Vulnerability

Keywords: include require

    C:\> grep -in "\(include\|require\)" C:\test\*.php
    config.php:10: include 'forbid.php';
    conn.inc.php:10: include 'forbid.php';
    conn.php:10: include 'forbid.php';
    global.php:10: include 'forbid.php';
    global.php:16: require_once('conn.inc.php');
    global.php:17: require_once('conn.php');

2. SQL Injection

Keywords: select, variable name

    find . -name '*.php' | xargs grep -niw "select" --color -5

    find . -name '*.php' | xargs grep -liw "select" --color -5

    C:\> grep -in "\select" C:\test\read.php
    15: $query = $db->query("select * from ".$tablepre."content where aid=$aid");

    C:\> grep -in "\select\|$aid" C:\test\read.php
    13: $aid = $_GET['aid'];
    14: $db->query("update ".$tablepre."content set hits=hits+1 where aid='$aid'");
    15: $query = $db->query("select * from ".$tablepre."content where aid=$aid");

3. CMD Injection

Keywords: exec system popen passthru proc_open

    C:\> grep -in "\(exec\|system\|popen\|passthru\|proc_open\)" C:\test\phpspy.php
    413: $a = $shell->ShellExecute($_POST['program'],$_POST['prog']);
    602: $program = isset($_POST['prop']) ? $_POST['program'] : "c:\winnt\system32\cmd.exe";
    613: $execfuncs = (substr(PHP_OS, 0, 3) == 'WIN') ? array('system'=>'system','passthru'=>'passthru','exec'=>'exec','shell_exec'=>'shell_exec','popen'=>'popen','wscript'=>'wscript.shell') : array('system'=>'system','passthru'=>'passthru','exec'=>'exec','shell_exec'=>'shell_exec','popen'=>'popen');
    615: $tb->tdbody('select execution function: '.$tb->makeselect(array('name'=>'execfunc','option'=>$execfuncs,'selected'=>$execfunc)).' Enter the command: '.$tb->makeinput('command',$_POST['command'],'','text','60').' '.$tb->makeinput('','run','','submit'));
    620: if ($execfunc=="system") {
    621: system($_POST['command']);
    622: } elseif ($execfunc=="passthru") {
    623: passthru($_POST['command']);

4. Code Injection

Keywords: eval preg_replace

    C:\> grep -in "\eval\|preg_replace" C:\test\*.php
    phpspy.php:1034: eval('$hexdtime = "'.$hexdtime.'";');

5. Variable submission method

Keywords: get post cookie server request

    C:\> grep -in "_\get\|post\|cookie\|server\|request" C:\test\list.php
    13: $sid = $_GET['sid'];
    14: if ($_GET['page']) {
    15: $page = $_GET['page'];

6. Cookie and Session

Keywords: cookie session

    C:\> grep -in "\session\|cookie" C:\test\admin\*.php
    global.php:16: if (!isset($_COOKIE['in']) {
    index.php:13: if (!isset($_COOKIE['in']) {
    job.php:13: if (!isset($_COOKIE['in']) {
    login.php:22: setcookie("in","$admin");
    logout.php:11: setcookie("in","");
    main.php:14: isset($_COOKIE) ? $ifcookie="success" : $ifcookie="fail";

7. File Functions

Keywords: readfile fopen upload copy opendir fwrite unlink

... Hope you can continue!
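
An added example, not part of the original article: the AND-mode pipeline from note B, generalized so that the variable names are collected from the file instead of being typed by hand as in the "\select\|$aid" query. It assumes a grep that supports -E, -o and -w (GNU or BSD); the function names, the sample file, and the extra keywords update and *_once are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the original article. Keywords come from the
# article's lists, plus "update" and the *_once forms (-w needs them spelled out).
SINKS='(include|require|include_once|require_once|select|update|exec|system|popen|passthru|proc_open|eval|preg_replace|readfile|fopen|copy|opendir|fwrite|unlink)'
SOURCES='\$_(GET|POST|COOKIE|SERVER|REQUEST)'

# tainted_sinks FILE
# Prints "line:source" for each sink line that uses request data directly or
# through a variable assigned from it (one hop only, same file).
tainted_sinks() {
    file=$1
    # Step 1: variables assigned from a superglobal, e.g. $aid = $_GET['aid'];
    vars=$(grep -oE '\$[A-Za-z_][A-Za-z0-9_]*[[:space:]]*=[^=]*'"$SOURCES" "$file" |
        sed -E 's/^\$([A-Za-z_][A-Za-z0-9_]*).*/\1/' | sort -u | paste -sd'|' -)
    pattern=$SOURCES
    if [ -n "$vars" ]; then
        pattern="$SOURCES"'|\$('"$vars"')([^A-Za-z0-9_]|$)'
    fi
    # Step 2: AND mode as a pipeline: sink keyword first, then the source filter
    grep -niwE "$SINKS" "$file" | grep -E "$pattern"
}

# Constructed sample, modelled on the read.php excerpt in section 2.
make_sample() {
    cat > "$1" <<'EOF'
<?php
$aid = $_GET['aid'];
$title = "select a page";
$db->query("update ".$tablepre."content set hits=hits+1 where aid='$aid'");
$query = $db->query("select * from ".$tablepre."content where aid=$aid");
$rows = $db->query("select * from ".$tablepre."config");
system($_POST['command']);
EOF
}

sample=$(mktemp)
make_sample "$sample"
tainted_sinks "$sample"   # reports lines 4, 5 and 7; lines 3 and 6 are filtered out
rm -f "$sample"
```

Lines 3 and 6 contain the keyword but no request-derived value, so the second grep drops them; a plain keyword search would have listed all five.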
