Malin/LP-MSH-Scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added UCenter & new patterns

Browse Source
This commit is contained in:
Palma Solutions LTD 2018-06-24 13:24:40 +02:00
parent 7507039fa6
commit 0eb865f1c1
4 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cms-ver.php
View File

@ -182,6 +182,7 @@
array("ELGG", "/vendor/elgg/elgg/composer.json", "\"version\":", "Maintained"),
array("Grav CMS", "/system/defines.php", "define('GRAV_VERSION',", "Maintained"),
array("CuteNews", "/inc/functions.inc.php", "\$config_version_name = \"CuteNews v", "EOL"),
array("UCenter", "/index.php", "define('UC_VERSION',", "EOL"),
// still need to work on these
array("Silverstripe", "/cms/silverstripe_version", "*"), //needs review

3
cms-vss.php
View File

@ -196,7 +196,8 @@
array("ELGG", "/vendor/elgg/elgg/composer.json", "\"version\":", "Maintained"),
array("Grav CMS", "/system/defines.php", "define('GRAV_VERSION',", "Maintained"),
array("CuteNews", "/inc/functions.inc.php", "\$config_version_name = \"CuteNews v", "EOL"),
array("UCenter", "/index.php", "define('UC_VERSION',", "EOL"),
// still need to work on these
array("Silverstripe", "/cms/silverstripe_version", "*"), //needs review
array("Croogo", "/Vendor/croogo/croogo/VERSION.txt", "*"), // needs further review

1
malware6.pl
View File

@ -237,6 +237,7 @@ my @regexen = (
qr/<\?php\s+ignore_user_abort\(\);.+?system\(base64_decode\(.+?system\(\'echo \"\* \* \* \* \* wget http:\/\/\'\.\$_SERVER\[\"HTTP_HOST\"\]\.\$_SERVER\[\"REQUEST_URI\"\]\.\'\" \| crontab\'\);\s+\?>/is,
qr/<\?php for\(\$o=0,\$e=\'&\\\'\(\)\*\+,-\.:\].+?\(:\)^\',\$d=\'\';\@ord\(\$e\[\$o\]\);\$o\+\+\)\{if\(\$o<16\)\{\$h\[\$e\[\$o\]\]=\$o;\}else\{\$d\.=\@chr\(\(\$h\[\$e\[\$o\]\]<<4\)\+\(\$h\[\$e\[\+\+\$o\]\]\)\);\}\}eval\(\$d\); \?>/is,
qr/<\?php\s+\$ver = \'abcdefghijklmnopqrstuvwxyz\';\s+\$check = \$ver\{.+?\(\$check\(array\(\'\\n\', \';\'\).+?value=\"&amp;\"\/><\/form>/is,
qr/<\?php\s+\@error_reporting\(0\);\@set_time_limit\(0\);\s+\$code=\"%3B.+?\$code=\@urldecode\(\$code\);\$code=\@strrev\(\$code\);\@eval\(\$code\);\s+\?>/is,

4
malwaresh.pl
View File

@ -26,6 +26,7 @@ print "Content-type: text/html\n\n";
my $user = $ARGV[0];
my @regexen = (
qr/<\?php\s+\/\/header\(.+?\\x30\"\]\(\);\?>/is,
qr/<\?php\s+\/\/header\(.+?\$([O0_]{1,6})=\(.+?\\x\d\d\"\]\(\);\?>/is,
qr/<\?php\s+\/\/header\(.+?\$([A-z0_]{1,20})=urldecode\(.+?\]\(\);\?>/is,
qr/<\?php\s+if \(isset\(\$\{\"_REQUE\"\.\"ST\"\}\[\'([A-z0-9_]{1,20})\'\]\)\)\{\$([A-z0-9_]{1,20})=\"assert\";\$([A-z0-9_]{1,20})\(\$\{\"_REQUEST\"\}\[\'([A-z0-9_]{1,20})\'\]\);exit;\} \/\/([A-z0-9_]{1,20})\s+if \(!extension_loaded\(\'IonCube_loader\'\)\).+?\?>\s+([A-z0-9_]{50,})\Z/is,
@ -1224,8 +1225,7 @@ my @regexen = (
qr/<\?php\s+ignore_user_abort\(\);.+?system\(base64_decode\(.+?system\(\'echo \"\* \* \* \* \* wget http:\/\/\'\.\$_SERVER\[\"HTTP_HOST\"\]\.\$_SERVER\[\"REQUEST_URI\"\]\.\'\" \| crontab\'\);\s+\?>/is,
qr/<\?php for\(\$o=0,\$e=\'&\\\'\(\)\*\+,-\.:\].+?\(:\)^\',\$d=\'\';\@ord\(\$e\[\$o\]\);\$o\+\+\)\{if\(\$o<16\)\{\$h\[\$e\[\$o\]\]=\$o;\}else\{\$d\.=\@chr\(\(\$h\[\$e\[\$o\]\]<<4\)\+\(\$h\[\$e\[\+\+\$o\]\]\)\);\}\}eval\(\$d\); \?>/is,
qr/<\?php\s+\$ver = \'abcdefghijklmnopqrstuvwxyz\';\s+\$check = \$ver\{.+?\(\$check\(array\(\'\\n\', \';\'\).+?value=\"&amp;\"\/><\/form>/is,
qr/<\?php\s+\@error_reporting\(0\);\@set_time_limit\(0\);\s+\$code=\"%3B.+?\$code=\@urldecode\(\$code\);\$code=\@strrev\(\$code\);\@eval\(\$code\);\s+\?>/is,