Malin/LP-MSH-Scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

new patterns

Browse Source
This commit is contained in:
Palma Solutions LTD
2018-06-25 12:08:47 +02:00
parent 87969cb440
commit 1d19a347be
2 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
malware6.pl
View File

@@ -242,7 +242,10 @@ my @regexen = (
qr/<\?php \$([A-z0-9_]{1,20}) = \"a\" \. \"\\x73\" \. \"\" \. \"\\x73\" \. \"E\" \. \"\\x72\" \. \"t\";\@\$.+?\"\\x29\" \. \"\\x29\" \. \"\" \. \"\\x29\" \. \"\\x3b\"\);exit;/is,
qr/<\?php if\(isset\(\$_POST\[\'([A-z0-9_]{1,20})\'\]\)\)\{\(\$([A-z0-9_]{1,20})= \$_POST\[\'([A-z0-9_]{1,20})\'\]\) && \@preg_replace\(\'\/ad\/e\',\'\@\'\.str_rot13\(\'riny\'\)\.\'\(\@eval\(base64_decode\(\$_POST\[([A-z0-9_]{1,20})\]\)\);\)\', \'add\'\);\}/is,
qr/<\?php class Bx\{static private \$_alpha=\".+?break;\}return implode\(\"\",\$x\);\}\}\$Bx=new Bx\(\);\@eVaL\(\$Bx->d\(\'.+?\'\)\);/is,
qr/<title>Vuln!! patch it Now!<\/title>\s+<\?php\s+echo \'<form action=\"\".+?Shell Uploaded ! :\)<b><br><br>\'; \}\s+else \{ echo \'<b>Not uploaded ! <\/b><br><br>\'; \}\s+\}\s+\?>/is,
qr/<\? eval\(gzinflate\(strrev\(unserialize\(str_rot13\(base64_decode\(.+?\)\)\)\)\)\); \?>/is,
qr/<\?php \$ip = getenv\(\"REMOTE_ADDR\"\);.+?Link Mailer.+?mail\(\$bilsnd,\$bilsub,\$bilsmg,\$bilhead,\$message\); \?>/is,

3
malwaresh.pl
View File

@@ -1230,6 +1230,9 @@ my @regexen = (
qr/<\?php \$([A-z0-9_]{1,20}) = \"a\" \. \"\\x73\" \. \"\" \. \"\\x73\" \. \"E\" \. \"\\x72\" \. \"t\";\@\$.+?\"\\x29\" \. \"\\x29\" \. \"\" \. \"\\x29\" \. \"\\x3b\"\);exit;/is,
qr/<\?php if\(isset\(\$_POST\[\'([A-z0-9_]{1,20})\'\]\)\)\{\(\$([A-z0-9_]{1,20})= \$_POST\[\'([A-z0-9_]{1,20})\'\]\) && \@preg_replace\(\'\/ad\/e\',\'\@\'\.str_rot13\(\'riny\'\)\.\'\(\@eval\(base64_decode\(\$_POST\[([A-z0-9_]{1,20})\]\)\);\)\', \'add\'\);\}/is,
qr/<\?php class Bx\{static private \$_alpha=\".+?break;\}return implode\(\"\",\$x\);\}\}\$Bx=new Bx\(\);\@eVaL\(\$Bx->d\(\'.+?\'\)\);/is,
qr/<title>Vuln!! patch it Now!<\/title>\s+<\?php\s+echo \'<form action=\"\".+?Shell Uploaded ! :\)<b><br><br>\'; \}\s+else \{ echo \'<b>Not uploaded ! <\/b><br><br>\'; \}\s+\}\s+\?>/is,
qr/<\? eval\(gzinflate\(strrev\(unserialize\(str_rot13\(base64_decode\(.+?\)\)\)\)\)\); \?>/is,
qr/<\?php \$ip = getenv\(\"REMOTE_ADDR\"\);.+?Link Mailer.+?mail\(\$bilsnd,\$bilsub,\$bilsmg,\$bilhead,\$message\); \?>/is,