Perl

Regex possibly interesting methods

^(?![ \t]*#).*(prepare\(|prepare |selectall_arrayref\(|selectall_arrayref |selectrow_array\(|selectrow_array |execute\(|execute |sprintf\(|sprintf |open\(|open |close\(|close |read\(|read |sysread\(|sysread |write\(|write |syswrite\(|syswrite |print\(|print |unlink\(|unlink |rename\(|rename |copy\(|copy |move\(|move |chmod\(|chmod |chown\(|chown |mkdir\(|mkdir |rmdir\(|rmdir |opendir\(|opendir |readdir\(|readdir |closedir\(|closedir |stat\(|stat |lstat\(|lstat |utime\(|utime |truncate\(|truncate |binmode\(|binmode |seek\(|seek |tell\(|tell |mkpath\(|mkpath |make_path\(|make_path |remove_tree\(|remove_tree |rmtree\(|rmtree |system\(|system |exec\(|exec |`.*`|qx\/|eval\(|eval |require |require\(|do\(|do |kill\(|kill |fork\(|fork |LWP::UserAgent|HTTP::Tiny|IO::Socket::INET|Net::HTTP|Net::HTTPS|AnyEvent::HTTP|WWW::Mechanize|XML::Parser|XML::LibXML|XML::Simple::XMLin|XML::Twig|XML::SAX::ParserFactory|MongoDB::Collection->find|MongoDB::Collection->find_one|MongoDB::Collection->insert_one|MongoDB::Collection->update_one|MongoDB::Collection->remove|MongoDB::Database->run_command|MongoDB::|Storable::thaw|Storable::retrieve|FreezeThaw::thaw|Data::Dumper::eval|Data::Serializer::deserialize|Sereal::Decoder->decode|deserialize\(|deserialize |serialize\(|serialize |evalq\(|evalq |Template->process|Text::Template->fill_in|Text::MicroTemplate->render|HTML::Template->param|Archive::Zip|Archive::Tar|IO::Uncompress::Unzip)

Some descriptions below

Sql injection

prepare\(|prepare |selectall_arrayref\(|selectall_arrayref |selectrow_array\(|selectrow_array |execute\(|execute |sprintf\(|sprintf |do\(|do

File interactions

open\(|open |close\(|close |read\(|read |sysread\(|sysread |write\(|write |syswrite\(|syswrite |print\(|print |unlink\(|unlink |rename\(|rename |copy\(|copy |move\(|move |chmod\(|chmod |chown\(|chown |mkdir\(|mkdir |rmdir\(|rmdir |opendir\(|opendir |readdir\(|readdir |closedir\(|closedir |stat\(|stat |lstat\(|lstat |utime\(|utime |truncate\(|truncate |binmode\(|binmode |seek\(|seek |tell\(|tell |mkpath\(|mkpath |make_path\(|make_path |remove_tree\(|remove_tree |rmtree\(|rmtree

OS injection

.*`|qx\/|eval\(|eval |require |require\(|do\(|do |kill\(|kill |fork\(|fork

SSRF

LWP::UserAgent|HTTP::Tiny|IO::Socket::INET|Net::HTTP|Net::HTTPS|AnyEvent::HTTP|WWW::Mechanize

XXE

XML::Parser|XML::LibXML|XML::Simple::XMLin|XML::Twig|XML::SAX::ParserFactory

NoSQL

MongoDB::Collection->find|MongoDB::Collection->find_one|MongoDB::Collection->insert_one|MongoDB::Collection->update_one|MongoDB::Collection->remove|MongoDB::Database->run_command|MongoDB::

Insecure Deserialization

Storable::thaw|Storable::retrieve|FreezeThaw::thaw|Data::Dumper::eval|Data::Serializer::deserialize|Sereal::Decoder->decode|deserialize\(|deserialize |serialize\(|serialize

SSTI

evalq\(|evalq |Template->process|Text::Template->fill_in|Text::MicroTemplate->render|HTML::Template->param

Zip interactions

Archive::Zip|Archive::Tar|IO::Uncompress::Unzip

PreviousPython NextWhitebox

Last updated 4 months ago