From d84421e2c2f1f9cf9cd0d6dd2dc0aeb0c64773d9 Mon Sep 17 00:00:00 2001
From: Gabor Gyorvari
Date: Sun, 15 Oct 2017 09:25:33 +0200
Subject: [PATCH] Updated definitions by report #6
---
definitions/patterns_raw.txt | 1 +
definitions/patterns_re.txt | 3 +++
2 files changed, 4 insertions(+)
diff --git a/definitions/patterns_raw.txt b/definitions/patterns_raw.txt
index 67936b5..2438da0 100644
--- a/definitions/patterns_raw.txt
+++ b/definitions/patterns_raw.txt
@@ -11,6 +11,7 @@ system($_GET[ md5($_GET[ fwrite($fpsetv, getenv("HTTP_COOKIE") system\"$cmd 1> /tmp/ +\145\166\141\154\050\142\141\163\145\066\064\137\144\145\143\157\144\145\050 #Web-Shell patterns $sh3llColor
diff --git a/definitions/patterns_re.txt b/definitions/patterns_re.txt
index bde45be..6f5df1f 100644
--- a/definitions/patterns_re.txt
+++ b/definitions/patterns_re.txt
@@ -13,6 +13,9 @@ eval\([a-z0-9]{4,}\(\$[a-z0-9]{4,}, \$[0-9a-z]{4,}\)\); # chr\(\d+\)\.""\.""\.""\.""\."" +# escaped commands pl.: "eval(base64_decode(" equal "\145\166\141\154\050\142\141\163\145\066\064\137\144\145\143\157\144\145\050" +(\\\d+){5,} + # \$GLOBALS\[\$GLOBALS['[a-z0-9]{4,}'\]\[\d+\]\.\$GLOBALS\['[a-z-0-9]{4,}'\]\[\d+\].
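Review bot: The octal string added to patterns_raw.txt after `system\"$cmd 1> /tmp/` gives no hint of what it decodes to, so anyone triaging a hit has to decode it by hand. It is the octal-escaped spelling of `eval(base64_decode(`. If this file accepts comment lines (the existing `#Web-Shell patterns` line suggests so, but the loader is not visible in this patch), add `#octal-escaped "eval(base64_decode("` directly above it. As a raw entry it matches only this exact spelling, so any other encoding of the same call depends on the regex added to patterns_re.txt.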
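Review bot: The new entry `(\\\d+){5,}` in patterns_re.txt is broader than the octal escapes its comment describes. Because `\d+` accepts any run of decimal digits, five consecutive backslash-number tokens of any kind match, for example a run of backreferences such as `\1\2\3\4\5` in a replacement string, so false positives on legitimate files are likely. Restricting each token to an octal escape, `(\\[0-7]{1,3}){5,}`, still matches the string quoted in the comment. Neither new entry covers the hex-escaped spelling of that string, which would need a sibling entry such as `(\\x[0-9a-fA-F]{2}){5,}`. In the comment, "pl.:" would read more clearly as "e.g.", and since neighbouring entries appear to use a bare `#` line, confirm that the loader skips `#` lines that carry text.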