SecLists/Pattern-Matching/grepstrings-auditing-php.md

# Auditing php source code with grep

## XSS
`grep -Ri "echo" *`

`grep -Ri "\$_" * | grep "echo"`

`grep -Ri "\$_GET" * | grep "echo"`

`grep -Ri "\$_POST" * | grep "echo"`

`grep -Ri "\$_REQUEST" * | grep "echo"`


- - -


## SQL Injection
`grep -Ri "$sql" *`

`grep -RI "mysqli(" *`

`grep -Ri "pdo(" * `


- - -


## File inclusion
`grep -Ri "file_include(" * `

`grep -Ri "file_get_contents(" * `

`grep -Ri "include(" *`


- - -


## Command execution
`grep -Ri "shell_exec(" *`

`grep -RIt "system(" *`

`grep -Ri "exec(" * `
Fix #259 - Recover from bad merge 2019-01-07 15:40:56 +00:00			`# Auditing php source code with grep`

			`## XSS`
			`grep -Ri "echo" *`

			`grep -Ri "\$_" * \| grep "echo"`

			`grep -Ri "\$_GET" * \| grep "echo"`

			`grep -Ri "\$_POST" * \| grep "echo"`

			`grep -Ri "\$_REQUEST" * \| grep "echo"`


			`- - -`


			`## SQL Injection`
			`grep -Ri "$sql" *`

			`grep -RI "mysqli(" *`

			`grep -Ri "pdo(" * `


			`- - -`



			`## File inclusion`
			`grep -Ri "file_include(" * `

			`grep -Ri "file_get_contents(" * `

			`grep -Ri "include(" *`


			`- - -`


			`## Command execution`
			`grep -Ri "shell_exec(" *`

			`grep -RIt "system(" *`

			`grep -Ri "exec(" * `