Oh dear

By Harry Fuecks



Google Code Search for Security Vulnerabilities

Here’s my attempt – hunting for $_GET / $_POST / $_COOKIE placed at the start of an include / require / include_once / require_once – potentially a path to include remote files. (Un)?fortunately seems to break the search interface right now – although more results are reported, you can’t seem to get beyond page 2 right now.

lang:php (include|require)(_once)?\s*['"(]?\s*\$_(GET|POST|COOKIE)

So what’s the opposite of “security by obscurity” – because this seems to be it – Koders at least kept their search syntax weak.
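
An added example, not part of the original post: a small Python scanner that applies the same pattern (without the `lang:php` operator) to a source tree you maintain, so that include / require calls fed directly from request data can be found and fixed. The sample PHP and the function names `scan_source` and `scan_tree` are constructed for illustration.

```python
import pathlib
import re

# Pattern from the post, without the Code Search "lang:php" operator.
RFI_PATTERN = re.compile(
    r"""(include|require)(_once)?\s*['"(]?\s*\$_(GET|POST|COOKIE)"""
)

# Constructed sample source for illustration; not from any real project.
SAMPLE_PHP = """<?php
include($_GET['page']);
require_once $_POST["module"];
include 'header.php';
require("lib/" . $_COOKIE['theme'] . ".php");
// include($_GET['old']);
$allowed = array('home' => 'home.php', 'faq' => 'faq.php');
include $allowed[$_GET['page']];
"""


def scan_source(source, name="<sample>"):
    """Return (name, line_no, superglobal, text) for every matching line."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        text = line.strip()
        if text.startswith(("//", "#")):  # skip single-line comments only
            continue
        match = RFI_PATTERN.search(text)
        if match:
            findings.append((name, line_no, "$_" + match.group(3), text))
    return findings


def scan_tree(root):
    """Apply scan_source to every *.php file below root."""
    findings = []
    for path in sorted(pathlib.Path(root).rglob("*.php")):
        source = path.read_text(encoding="utf-8", errors="replace")
        findings.extend(scan_source(source, str(path)))
    return findings


if __name__ == "__main__":
    for name, line_no, source_var, text in scan_source(SAMPLE_PHP):
        print(f"{name}:{line_no}: include path starts with {source_var}: {text}")
```

Line 5 of the sample is not reported even though a cookie value still reaches `require`, because the pattern only matches a superglobal at the start of the expression. A clean result from this scan therefore does not show that every include path is free of request data.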

Harry Fuecks is the Engineering Project Lead at Tamedia and formerly the Head of Engineering at Squirro. He is a data-driven facilitator, leader, coach and specializes in line management, hiring software engineers, analytics, mobile, and marketing. Harry also enjoys writing and you can read his articles on SitePoint and Medium.