PHP XSS: /\becho\b.*\$_GET\b/ or /echo\s+\$_REQUEST/
PHP XSS: /^.*\becho\s+\$_GET\b.*$/
PHP XSS (most FP-prone): /^.*\becho\s+\$\b.*$/
PHP SQL Injection: /(SELECT|INSERT|UPDATE|DELETE)\s(.*\$_POST|.*\$_GET|.*\$_REQUEST)/
PHP OS Command Injection: /(exec\(|system\(|shell_exec\(|passthru\()(.*\$_POST|.*\$_GET|.*\$_REQUEST)/
Host Header Injection (Node.js & PHP): req.headers.host path:*pass* and /\$_SERVER\['host'\]|gethostname.*(reset|forgot)/
.NET Host Header Injection: /(Request\.Headers\["Host"\]|Request\.Host\.Value|HttpContext\.Current\.Request\.Headers\["Host"\]|HttpContext\.Request\.Host\.Value)/ forgot
Host Header Injection generic: host path:**/*forgot*/**
Insecure Deserialization in PHP: /(unserialize\()(.*\$_POST|.*\$_GET|.*\$_REQUEST)/

Provide feedback

Saved searches