Regex for Easy 0days

Here is a regex I wrote to detect whether PHP code is calling dangerous functions with tainted variables.

/(\$[a-zA-Z0-9]+) ?=[^;]*\$_(GET|POST|REQUEST)[^;]*;.*(shell_exec|system|exec|passthru|eval)\([^\)]*\1[^\)]*\)/gms

3 Likes

Hey man, I am quite new. How could I utilize this regex (in a practical way) to find possible flaws? (The image is not loading; also, a link to a resource where I can learn it is fine.) Thanks in advance.

I mean no offense, but if it’s a white-box test you wouldn’t need a regex to identify a blatant RCE from passing $_GET/$_POST/$_REQUEST variables into these methods. Still cool though :)
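
One practical way to run the regex from the first post over source code during a review, as an added example that is not part of the original thread. The `scan` helper and the PHP snippets are constructed for illustration; they show one hit plus the cases the pattern over-reports or misses, which is why each finding still needs manual reading.

```python
import re

# Regex from the post; PCRE's /m and /s become re.M | re.S, /g becomes finditer().
TAINT_RE = re.compile(
    r"(\$[a-zA-Z0-9]+) ?=[^;]*\$_(GET|POST|REQUEST)[^;]*;"
    r".*(shell_exec|system|exec|passthru|eval)\([^\)]*\1[^\)]*\)",
    re.M | re.S,
)

def scan(php_source):
    """Return one finding per match, with line numbers for manual review."""
    def line_of(pos):
        return php_source.count("\n", 0, pos) + 1
    return [
        {
            "var": m.group(1),
            "input": "$_" + m.group(2),
            "sink": m.group(3),
            "assigned_line": line_of(m.start(1)),
            "sink_line": line_of(m.start(3)),
        }
        for m in TAINT_RE.finditer(php_source)
    ]

# Constructed PHP snippets (not from the post) showing a hit and the blind spots.
SAMPLES = {
    # Assignment from $_GET, later passed to system(): flagged.
    "flagged": "<?php\n$host = $_GET['host'];\n$out = system('ping -c 1 ' . $host);\n",
    # Escaped before use, still flagged: every hit needs a human to read it.
    "escaped": "<?php\n$host = escapeshellarg($_GET['host']);\nsystem('ping -c 1 ' . $host);\n",
    # Superglobal passed straight to the sink, no assignment: missed.
    "direct": "<?php\nsystem('ping -c 1 ' . $_GET['host']);\n",
    # Underscore in the variable name is outside [a-zA-Z0-9]: missed.
    "underscore": "<?php\n$user_cmd = $_POST['cmd'];\neval($user_cmd);\n",
}

if __name__ == "__main__":
    for label, src in SAMPLES.items():
        hits = scan(src)
        print(label, hits if hits else "no match")
```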