So I was listening to the latest PaulDotCom security weekly podcast episode 232 via my SecurityPodcasts Boxee app where Mike Murr or Murray or both?! were talking about effective Phishing and how to be 110% successful.
My phishing experience is minimal so I decided to find out for myself how easy it was to get people to click on ‘malicious’ hyperlinks. I did this by tweeting the following from my ethicalhack3r Twitter account.
As you can see I tweeted the words “DO NOT CLICK =>” followed by a shortened bit.ly hyperlink. I suspect that most of my (at the time of writing) 3000 followers are in some way interested in information security and are all well aware of the potential risks of clicking unknown shortened hyperlinks. Or so you would think.
Today I used the following commands to grep through PHP source code to find some bugs. I thought they may be useful to someone else so I thought I would stick them on here. This list is by no means extensive however they are the ones I found most useful.
Find user input/output for possible XSS:
grep -i -r “echo” *
grep -i -r “\$_GET” *
grep -i -r “\$_” * | grep “echo”
grep -i -r “\$_GET” * | grep “echo”
grep -i -r “\$_POST” * | grep “echo”
grep -i -r “\$_REQUEST” * | grep “echo”