Find dangerous use of $_GET and $_POST with egrep

<p>I would like to be sure that I didn't use $_POST or $_GET in a way an attacker could make use of (XSS attacks, SQL injections). To find all lines where I used $_GET or $_POST I used this command:</p>
<pre><code>egrep "_GET|_POST" -r -i MyFolder &gt; dangerousUse.txt
</code></pre>
<p>dangerousUse.txt has 439 lines. If I search like this:</p>
<pre><code>egrep "\$_GET|\$_POST" -r -i MyFolder &gt; dangerousUse.txt
</code></pre>
<p>dangerousUse.txt has 0 lines. If I search like this:</p>
<pre><code>egrep "_GET\[|_POST\[" -r -i MyFolder &gt; dangerousUse.txt
</code></pre>
<p>dangerousUse.txt has 385 lines. I think this is the number I want, but I would like the $ sign to get matched, too.</p>
<p>My first question is: why doesn't the second egrep command work?</p>
<p>Now I am sure that the input is used correctly if one of the following commands has been applied:</p>
<ul>
<li><code>mysql_real_escape_string(htmlspecialchars($input))</code> or <code>mysql_real_escape_string ( htmlspecialchars ( $input ) )</code> or other combinations with whitespace.</li>
<li><code>intval($input)</code></li>
<li><code>isset($input)</code></li>
<li><code>$input ==</code> or <code>== $input</code></li>
</ul>
<p>How can I find only those lines where $_POST or $_GET are used without these functions? It would also be okay to delete the lines in dangerousUse.txt where these functions are applied to each $_POST or $_GET in that line.</p>
<p>edit:</p>
<pre><code>egrep '\$_GET\[|\$_POST\[' -r -i MyFolder &gt; dangerousUse.txt
</code></pre>
<p>works, thanks to VGE for the first part of the answer. Now dangerousUse.txt has 385 lines. But the second one is more important for me.</p>
<p>For the second part, <code>egrep -v</code> inverts matches:</p>
<pre><code>egrep '(isset|intval|mysql_real_escape_string\(htmlspecialchars|md5|datum_anpassen)[\w]*\(\$_' -i -v dangerousUse.txt &gt; dangerousUse2.txt
</code></pre>