Updated WordPress Plugin Security Testing Cheat Sheet (markdown)
@@ -143,6 +143,7 @@ Use this [simple Burp Suite extention](https://gist.github.com/ethicalhack3r/7c2
|
|||||||
- ```assert()```
|
- ```assert()```
|
||||||
- ```preg_replace()``` dangerous "e" flag deprecated since PHP >= 5.5.0 and removed in PHP >= 7.0.0.
|
- ```preg_replace()``` dangerous "e" flag deprecated since PHP >= 5.5.0 and removed in PHP >= 7.0.0.
|
||||||
- ```php://input``` reads raw data from the request body, can lead to RCE if used in eval
|
- ```php://input``` reads raw data from the request body, can lead to RCE if used in eval
|
||||||
|
- ```call_user_func()``` calls a function from a string, see https://owasp.org/www-community/attacks/Function_Injection
|
||||||
|
|
||||||
## Authorisation
|
## Authorisation
|
||||||
|
|
||||||
|
|||||||
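Review bot: the added `call_user_func()` line says what the function does but not when it counts as a finding, unlike the `php://input` entry just above it, which names the condition ("can lead to RCE if used in eval"). Suggest wording it along the lines of "calls a function from a string, dangerous when the function name comes from user-controlled input", and listing `call_user_func_array()` in the same entry since it takes a callback the same way. The bare OWASP URL could also be written as a markdown link, matching the Burp Suite extension link visible in the hunk header.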