php代码审计部分关键词

Find user input/output for possible XSS

 grep -i -r "echo" *
 grep -i -r "\$_GET" *
 grep -i -r "\$_" * | grep "echo"
 grep -i -r "\$_GET" * | grep "echo"
 grep -i -r "\$_POST" * | grep "echo"
 grep -i -r "\$_REQUEST" * | grep "echo"

Find potential command execution

 grep -i -r “shell_exec(” *
 grep -i -r “system(” *
 grep -i -r “exec(” *
 grep -i -r “popen(” *
 grep -i -r “passthru(” *
 grep -i -r “proc_open(” *
 grep -i -r “pcntl_exec(” *

Find potential code execution

 grep -i -r “eval(” *
 grep -i -r “assert(” *
 grep -i -r “preg_replace” * | grep “/e”
 grep -i -r “create_function(” *

Find potential SQL injection

 grep -i -r “\$sql” *
 grep -i -r “\$sql” * | grep “\$_”

Find potential information disclosure

 grep -i -r “phpinfo” *

Find potential development functionality

 grep -i -r “debug” *
 grep -i -r “\$_GET['debug']” *
 grep -i -r “\$_GET['test']” *

Find potential file inclusion

 grep -i -r “file_include” *
 grep -i -r “include(” *
 grep -i -r “require(” *
 grep -i -r “require(\$file)” *
 grep -i -r “include_once(” *
 grep -i -r “require_once(” *
 grep -i -r “require_once(” * | grep “\$_”

Other

 grep -i -r "header(" * | grep "\$_"