Here's a minimal working example for manual.php?upd=1:

<?php
$pdo = new PDO('mysql:host=localhost;dbname=game_wiki', 'user', 'pass');

$upd_id = $_GET['upd'] ?? 0;


if ($upd_id) 
$stmt = $pdo->prepare("SELECT * FROM manual_pages WHERE id = ?");
$stmt->execute([$upd_id]);
$page = $stmt->fetch();
if ($page) 
echo "<h1>$page['title']</h1>";
echo "<div>$page['content']</div>";
echo "<small>Last updated: $page['updated_at']</small>";
 else 
echo "Manual entry not found.";
else 
// Show list of all manual entries
$all = $pdo->query("SELECT id, title FROM manual_pages ORDER BY title");
echo "<ul>";
foreach ($all as $row) 
echo "<li><a href='?upd=$row['id']'>$row['title']</a></li>";
echo "</ul>";
?>

Common feature requests for such a page could be:

rule Suspicious_manual_php_upd 
    meta:
        description = "Detects manual.php with upd parameter in URL"
        author = "Security Analyst"
    strings:
        $uri = "/manual.php?upd=" ascii nocase
    condition:
        $uri
Scroll to Top