
Code Review Snippets

Common Weaknesses


  • Hardcoded credentials/secrets/keys
  • Information leakage/verbose errors
  • Missing security flags
  • Weak password hashing
  • XSS
  • No CSRF protection
  • SQLi
  • RCE
  • Directory listing
  • Local/Remote file inclusion
  • Cryptographic issues
  • Signature bypass
  • Authentication bypass


Resources



Suspicious Functions and Keywords


General Functions

system()
exec()
eval()
assert()
popen()
preg_replace()
passthru()
shell_exec()
proc_open()
include()
include_once()
require()
require_once()
mail()
serialize()
unserialize()
rand()
date()

Cryptographic Functions

encrypt()
decrypt()
decode()
encode()
digest()

Database Functions

querydb()
query_db()
mysql_query()
mysql_db_query()
db.cursor()
db.prepare()
MySQLdb.connect()
selectQueryString
Database.Open
db.Query()
db.Execute()


Hunting with Grep


Grep provides endless possibilities:

grep -iRl 'api\|key\|api_key\|apikey\|apitoken\|token'                      # candidate secrets
grep -RE '\b(shell_exec|exec|passthru|system|popen|proc_open|eval)\('      # dangerous call sites
grep -iRl '\$_GET\|\$_POST\|\$_REQUEST\|\$_COOKIE'                          # user-controlled input
grep -iR '<pattern>' --exclude='*.css'                                     # skip stylesheets

grep -oE '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b'                        # IP addresses
grep -oE '(http|https)://[a-zA-Z0-9./?=_%:-]*'                    # URLs
grep -oE '\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b'    # emails
grep -oE '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}'               # MAC addresses

grep -E '[0-9a-f]{32}'           # md5
grep -oE '[0-9a-f]{40}'          # sha1
grep -Ea '\$2[ayb]\$.{56}'       # bcrypt (60 chars total)
grep -Ea '\$2a\$08\$.{53}'       # blowfish/bcrypt with cost 08 ($2a$08$ + 53 chars)
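The hunting greps above, wrapped as reusable shell functions and run over a small constructed PHP tree so the hits can be checked. This is an added example, not code from the original post; every file, path and value in the sample tree is made up for the demo.

```sh
#!/bin/sh
# Added example, not from the original post: build a small constructed PHP
# tree, then run the review greps from above over it as reusable functions.

# Constructed sample tree; every file and value in it is made up for the demo.
make_sample_tree() {
  dir=$(mktemp -d)
  mkdir -p "$dir/app" "$dir/assets"
  printf '%s\n' '<?php' '$api_key = "EXAMPLE-NOT-A-REAL-KEY";' > "$dir/app/config.php"
  printf '%s\n' '<?php' '$name = $_GET["file"];' \
    'system("ls " . $name);' '$out = shell_exec("whoami");' > "$dir/app/upload.php"
  printf '%s\n' '<?php' '$exec_count = 0; // identifier, not a call' > "$dir/app/safe.php"
  printf '%s\n' '.api_key { color: red; }' > "$dir/assets/style.css"
  printf '%s\n' "$dir"
}

# Call sites of dangerous functions as file:line:text. The leading group is a
# portable stand-in for \b, so $exec_count or my_system( are not reported.
dangerous_calls() {
  grep -RnE '(^|[^A-Za-z0-9_])(shell_exec|exec|passthru|system|popen|proc_open|eval)\(' "$1"
}

# Files that read user-controlled superglobals.
tainted_input_files() {
  grep -RlE '\$_(GET|POST|REQUEST|COOKIE)' "$1"
}

# Files mentioning key/token names, with stylesheets skipped.
secret_candidates() {
  grep -RilE --exclude='*.css' 'api_?key|apitoken|token' "$1"
}

main() {
  tree=$(make_sample_tree)
  echo "== dangerous calls =="
  dangerous_calls "$tree"
  echo "== files reading request input =="
  tainted_input_files "$tree"
  echo "== secret candidates =="
  secret_candidates "$tree"
  rm -rf "$tree"
}

main
```

Each function returns grep's exit status, so a non-zero result means no hits in the tree, which is what a quick gate in a review script can key on.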
This post is licensed under CC BY 4.0 by the author.