bl4de / security-tools

My collection of various security tools created mostly in Python and Bash. For CTFs and Bug Bounty.
MIT License

[pef.py] dangerous patterns - LFI/RFI RegExp checking #2

Closed bl4de closed 5 years ago

bl4de commented 9 years ago

fileInclude = ["include($_GET", "require($_GET", "include_once($_GET", "require_once($_GET"]

...

for _dp in fileInclude:
    if _dp in __line:
        total += 1
        printcodeline(_line, i, _dp + '()', _PefOutput.fiMsgFound)

Use regexp to check this vuln
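A sketch of the regexp-based check this issue asks for, set beside the substring test quoted above. It is an added example, not code from pef.py: the names `FILE_INCLUDE_RE`, `USER_INPUT`, `substring_lines` and `regex_hits`, the choice of superglobals, and the PHP sample are all assumptions made for illustration.

```python
import re

# Substring list quoted from the issue, kept for comparison.
FILE_INCLUDE_SUBSTRINGS = ["include($_GET", "require($_GET",
                           "include_once($_GET", "require_once($_GET"]

# Superglobals treated as user-controlled (assumption of this sketch).
USER_INPUT = r"\$_(?:GET|POST|REQUEST|COOKIE|FILES|SERVER)\b"

# include/require(_once), case-insensitive as PHP keywords are, not part of
# a longer identifier or a variable name, followed by a user-controlled
# superglobal anywhere before the end of the statement.
FILE_INCLUDE_RE = re.compile(
    r"(?<![\w$])(?P<fn>(?i:(?:include|require)(?:_once)?))\b"
    r"\s*\(?[^;]*?(?P<src>" + USER_INPUT + r")"
)


def substring_lines(source):
    """Line numbers flagged by the plain substring test from the issue."""
    return [n for n, line in enumerate(source.splitlines(), 1)
            if any(p in line for p in FILE_INCLUDE_SUBSTRINGS)]


def regex_hits(source):
    """(line number, function, superglobal) for each regexp match."""
    hits = []
    for n, line in enumerate(source.splitlines(), 1):
        stripped = line.strip()
        # Whole-line comments only; inline and block comments are not parsed.
        if stripped.startswith(("//", "#")):
            continue
        for m in FILE_INCLUDE_RE.finditer(stripped):
            hits.append((n, m.group("fn").lower(), m.group("src")))
    return hits


# Constructed PHP sample, not taken from any real project.
SAMPLE_PHP = """<?php
include($_GET['page']);
require_once ( $_POST["tpl"] . '.php' );
include 'pages/' . $_REQUEST['p'];
INCLUDE_ONCE($_COOKIE['lang']);
require 'config.php';
// include($_GET['x']);
$included = $_GET['page'];
$include = $_GET['page'];
"""
```

On the sample, the substring test flags only line 2 plus the commented-out line 7, while the regexp reports lines 2 to 5 and ignores the comment and the `$include` / `$included` variables.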