Flux RSS des billets

DotMG's joblog

Work hard at whatever you do! (Ecc. 9. 10a)
Find corrupted php source
Publié le 27 Sep 2012, 10:14 pm dans php
I was given a CD containing a website that the owner wanted to transfer to my Madagascar web hosting dot.mg. Well, I don't know how they did burn this disk, but when the copy and installation was completed, the site showed gibberish content and at the bottom of the page a sensitive part of the PHP source were exposed. Some of the PHP source were corrupted, and the <?php markers along with some code were replaced with binary lettersalad. I spotted only one file corrupted, but since this corruption could leak sensitive information, I needed a way to list all corrupted files so that I could reclaim them from the website owner. So, basically, what I want is a tool that checks all php files and list which ones of them contains binary data. The quick solution I created was this very simple command :
 grep -r $'[\x0e-\x1f]' * | grep php
My pattern is $'[\x0e-\x1f'], any character between ascii code hex 0E and 1F. I could have listed all character that cannot appear in normal text files, but somehow, this was sufficient. The option -r iterates through subfolders, and for this, I could not use *.php as file pattern. The first part of this command finds binary characters from 0E to 1F in all files. If a match is found, it outputs texts like
Binary file images/test.jpg matches
Binary file inc/connexion.php matches
Look! grep considered file inc/connexion.php as binary file. What remains is to filter this output and show only php files, that's what piping to grep php stands for. And voilà!
Les commentaires sont fermés pour ce billet.