Magic Strings @ The Hackers Place

Code review: source code navigation by ascii

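Uses GNU GLOBAL (gtags, htags and global) to browse source code.

gtags -v                                      # build the tag files (verbose)
htags -sanovt 'Welcome to XXX source tour!'   # generate the hypertext tree under ./HTML
firefox HTML/index.html                       # open the generated index
global -x function_name                       # find function declaration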

PHP code review: obvious inputs by ascii

Find vanilla inputs

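function cr_php_inputs() {
# Usage: cr_php_inputs <dir>   (matches are written to ./cr_inputs.txt)
# The adjacent quoted strings join into a single GNU grep pattern; the final
# ANTANI_ANTANI_ANTANI is a dummy alternative that closes the last \|.
grep -niR \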
"\$GLOBALS\|"\
"\$_GET\|\$HTTP_GET_VARS\|"\
"\$_POST\|\$HTTP_POST_VARS\|"\
"\$_COOKIE\|\$HTTP_COOKIE_VARS\|"\
"\$_SERVER\|\$HTTP_SERVER_VARS\|"\
"\$_SESSION\|\$HTTP_SESSION_VARS\|"\
"\$_ENV\|\$HTTP_ENV_VARS\|"\
"\$_REQUEST\|\$HTTP_REQUEST_VARS\|"\
"\$_FILES\|\$HTTP_FILES_VARS\|"\
"\$HTTP_RAW_POST_DATA\|"\
"\$http_response_header\|"\
"\$argc\|\$argv\|"\
"\$php_errormsg\|"\
"\$DOCUMENT_ROOT\|"\
"\$GATEWAY_INTERFACE\|"\
"\$HTTP_ACCEPT\|"\
"\$HTTP_ACCEPT_CHARSET\|"\
"\$HTTP_ACCEPT_ENCODING\|"\
"\$HTTP_ACCEPT_LANGUAGE\|"\
"\$HTTP_CONNECTION\|"\
"\$HTTP_HOST\|"\
"\$HTTP_KEEP_ALIVE\|"\
"\$HTTP_REFERER\|"\
"\$HTTP_USER_AGENT\|"\
"\$PATH\|"\
"\$PERL5LIB\|"\
"\$PHP_SELF\|"\
"\$QUERY_STRING\|"\
"\$REMOTE_ADDR\|"\
"\$REMOTE_PORT\|"\
"\$REQUEST_METHOD\|"\
"\$REQUEST_TIME\|"\
"\$REQUEST_URI\|"\
"\$SCRIPT_FILENAME\|"\
"\$SCRIPT_NAME\|"\
"\$SERVER_ADDR\|"\
"\$SERVER_ADMIN\|"\
"\$SERVER_NAME\|"\
"\$SERVER_PORT\|"\
"\$SERVER_PROTOCOL\|"\
"\$SERVER_SIGNATURE\|"\
"\$SERVER_SOFTWARE\|"\
"ANTANI_ANTANI_ANTANI" \
"./$1" > cr_inputs.txt
}
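
A narrower variant of the search above, added here as an example and not part of the original snippet: it matches whole variable names only, keeps the pattern in single quotes so the shell cannot expand it, and ranks the input sources by how often they are referenced. It assumes GNU grep; the names CR_PHP_INPUT_RE, cr_php_inputs_hits, cr_php_inputs_summary and cr_make_sample are hypothetical, the PHP files are constructed sample input, and the pattern covers only the superglobals and long arrays (plus $HTTP_POST_FILES, which the list above does not include), not the register_globals-era names.

```shell
# Added example, not the original snippet. Assumes GNU grep (-r, -o, --include, \b).
# The pattern is single-quoted so the shell never expands $_GET, $PATH and friends,
# and \b stops substring hits. No -i: PHP variable names are case-sensitive.
CR_PHP_INPUT_RE='\$(_(GET|POST|COOKIE|REQUEST|FILES|SERVER|ENV|SESSION)|HTTP_(GET|POST|COOKIE|SERVER|ENV|SESSION)_VARS|HTTP_POST_FILES|HTTP_RAW_POST_DATA|GLOBALS|argc|argv)\b'

# Print one "file:line:variable" record per reference under directory $1.
cr_php_inputs_hits() {
    grep -rnoE --include='*.php' --include='*.inc' -e "$CR_PHP_INPUT_RE" -- "$1"
}

# Rank input sources by reference count, most used first: "count variable".
cr_php_inputs_summary() {
    cr_php_inputs_hits "$1" |
        awk -F: '{ n[$NF]++ } END { for (k in n) print n[k], k }' |
        sort -k1,1nr -k2
}

# Build a small constructed PHP tree to try the functions on; prints its path.
cr_make_sample() {
    d=$(mktemp -d) || return 1
    cat > "$d/index.php" <<'EOF'
<?php
$id     = $_GET['id'];
$name   = $_POST['name'] . $_GET['suffix'];
$getter = $_GETTER;   // not a superglobal, must not be reported
$path   = $pathinfo;  // a case-insensitive substring search for $PATH reports this
EOF
    cat > "$d/upload.inc" <<'EOF'
<?php
move_uploaded_file($_FILES['f']['tmp_name'], $HTTP_POST_FILES['f']['name']);
EOF
    printf '%s\n' '<?php echo $_GET["x"];' > "$d/notes.txt"   # not PHP source: skipped
    printf '%s\n' "$d"
}

# Usage: d=$(cr_make_sample); cr_php_inputs_summary "$d"; cr_php_inputs_hits "$d"
```

The summary gives a first ordering for the review: the most frequently referenced sources are where tracing data flow to sinks pays off soonest.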
