Malin/LP-MSH-Scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

new patterns

Browse Source
This commit is contained in:
Palma Solutions LTD 2018-04-25 20:23:26 +02:00
parent 8f3dce22d7
commit 2f967bb29c
3 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cms-ver.php
View File

@ -214,6 +214,7 @@ $versiondouble = array (
array("Joomla 1.6/1.7", "/libraries/cms/version.php", "\$RELEASE =", "\$DEV_LEVEL ="), array("Joomla 1.6/1.7", "/libraries/cms/version.php", "\$RELEASE =", "\$DEV_LEVEL ="),
array("Joomla 2.5/3.x", "/libraries/cms/version/version.php", "\$RELEASE =", "\$DEV_LEVEL ="), array("Joomla 2.5/3.x", "/libraries/cms/version/version.php", "\$RELEASE =", "\$DEV_LEVEL ="),
array("Joomla 3.5+", "/libraries/cms/version/version.php", "const RELEASE =", "const DEV_LEVEL ="), array("Joomla 3.5+", "/libraries/cms/version/version.php", "const RELEASE =", "const DEV_LEVEL ="),
array("CS-Cart", "config.php", "define('PRODUCT_NAME',", "define('PRODUCT_VERSION',"),
); );

1
malware5.pl
View File

@ -289,6 +289,7 @@ my @regexen = (
qr/<\?php\s+\$wphash.+?\$rootpath\s+\=\s+preg\_replace\(\'\/\(htdocs\|httpdocs\|www\).+?\$ErrorMsg\s+\=\s+mysql\_error\(\)\;.+?\}\s+\?>/is, qr/<\?php\s+\$wphash.+?\$rootpath\s+\=\s+preg\_replace\(\'\/\(htdocs\|httpdocs\|www\).+?\$ErrorMsg\s+\=\s+mysql\_error\(\)\;.+?\}\s+\?>/is,
qr/<\?php\s+\$auth\_pass\s+\=.+?\(base64\_decode\(.+?\)\;\$\_\=create\_function\(\"\"\,\@gzuncompress\(\$\_\_\)\)\;\$\_\(\)\;\?>/is, qr/<\?php\s+\$auth\_pass\s+\=.+?\(base64\_decode\(.+?\)\;\$\_\=create\_function\(\"\"\,\@gzuncompress\(\$\_\_\)\)\;\$\_\(\)\;\?>/is,
qr/<\?php\s+\$zend\_framework\=\"\\x\d\d.+?\"\;\s+\@error\_reporting\(0\)\;\s+\$zend\_framework\(\"\"\,.+?\\x\d\w\"\)\;\s+\?>/is, qr/<\?php\s+\$zend\_framework\=\"\\x\d\d.+?\"\;\s+\@error\_reporting\(0\)\;\s+\$zend\_framework\(\"\"\,.+?\\x\d\w\"\)\;\s+\?>/is,
qr/\$cookey\s+\=\s+\"([A-z0-9]{1,20})\"\;\s+preg\_replace\(\"\\x23.+?x3b\"\)\;/is,
); );

1
malwaresh.pl
View File

@ -769,6 +769,7 @@ my @regexen = (
qr/<\?php\s+\$wphash.+?\$rootpath\s+\=\s+preg\_replace\(\'\/\(htdocs\|httpdocs\|www\).+?\$ErrorMsg\s+\=\s+mysql\_error\(\)\;.+?\}\s+\?>/is, qr/<\?php\s+\$wphash.+?\$rootpath\s+\=\s+preg\_replace\(\'\/\(htdocs\|httpdocs\|www\).+?\$ErrorMsg\s+\=\s+mysql\_error\(\)\;.+?\}\s+\?>/is,
qr/<\?php\s+\$auth\_pass\s+\=.+?\(base64\_decode\(.+?\)\;\$\_\=create\_function\(\"\"\,\@gzuncompress\(\$\_\_\)\)\;\$\_\(\)\;\?>/is, qr/<\?php\s+\$auth\_pass\s+\=.+?\(base64\_decode\(.+?\)\;\$\_\=create\_function\(\"\"\,\@gzuncompress\(\$\_\_\)\)\;\$\_\(\)\;\?>/is,
qr/<\?php\s+\$zend\_framework\=\"\\x\d\d.+?\"\;\s+\@error\_reporting\(0\)\;\s+\$zend\_framework\(\"\"\,.+?\\x\d\w\"\)\;\s+\?>/is, qr/<\?php\s+\$zend\_framework\=\"\\x\d\d.+?\"\;\s+\@error\_reporting\(0\)\;\s+\$zend\_framework\(\"\"\,.+?\\x\d\w\"\)\;\s+\?>/is,
qr/\$cookey\s+\=\s+\"([A-z0-9]{1,20})\"\;\s+preg\_replace\(\"\\x23.+?x3b\"\)\;/is,