Malin/LP-MSH-Scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update 'malware3.pl'

Browse Source
This commit is contained in:
Malin 2016-10-05 12:53:12 +02:00
parent 99072293b0
commit 3cd8ba54de
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
malware3.pl
View File

@ -25,8 +25,8 @@ my @regexen = (
qr/<script.+?G91825.+?<\/script>/is,
qr/<\?php\s+if\(\@md5\(\$\_SERVER\[\'HTTP\_PATH\'\]\)\=\=\=\'([A-z0-9]{1,32})\'\)\{\s+\@extract\(\$\_REQUEST\)\;\s+\@die\(\$stime\(\$mtime\)\)\;\s+\}\s+\?>/is,
# needs review qr/<\?php\s+if\(\!empty\(\$\_SERVER\[\'HTTP\_USER\_AGENT\'\]\)\)\s+\{\s+\$userAgents\s+\=\s+array\(\"Google\"\,\s+\"Slurp\"\,\s+\"MSNBot\"\,\s+\"ia\_archiver\"\,\s+\"Yandex\"\,\s+\"Rambler\"\)\;\s+if\(preg\_match\(\'\/\'\s+\.\s+implode\(\'\|\'\,\s+\$userAgents\)\s+\.\s+\'\/i\'\,\s+\$\_SERVER\[\'HTTP\_USER\_AGENT\'\]\)\)\s+\{\s+header\(\'HTTP\/1\.0\s+404\s+Not\s+Found\'\)\;\s+exit\;\s+\}\s+\}.+?<input\s+type\=\"submit\"\s+value\=\"Sent\"\s+\/>\s+<\/form>\s+<\/body>\s+<\/html>\'\;/is,
qr/<\?php\s+\/\/header\(\"Content\-Type\:\s+text\/html\;\s+charset\=utf\-8\"\)\;\s+\$config\_password\=\"yt\"\;\s+\$action\=\$\_REQUEST\[\'action\'\]\;\s+\$password\=\$\_REQUEST\[\'password\'\]\;\s+if\(\$password\!\=\$config\_password\).+?function\s+createFolder\(\$path\)\s+\{\s+if\s+\(\!file\_exists\(\$path\)\)\s+\{\s+createFolder\(dirname\(\$path\)\)\;\s+mkdir\(\$path\,\s+0777\)\;\}\s+\}\s+\?>/is,
qr/<\?php\s+error\_reporting\(E\_ERROR\)\;\s+\$password\=\$\_REQUEST\[\'password\'\]\;\s+\$action\=\$\_REQUEST\[\'action\'\]\;\s+\$filename\=\$\_REQUEST\[\'filename\'\]\;\s+\$filepath\=\"\"\;\s+\$body\=stripslashes\(\$\_REQUEST\[\'body\'\]\)\;\s+if\(\$password\!\=\"abcdefgh\"\).+?echo\s+\"uploaded\"\;\s+\}\s+\?>/is,
# qr/<\?php\s+\/\/header\(\"Content\-Type\:\s+text\/html\;\s+charset\=utf\-8\"\)\;\s+\$config\_password\=\"yt\"\;\s+\$action\=\$\_REQUEST\[\'action\'\]\;\s+\$password\=\$\_REQUEST\[\'password\'\]\;\s+if\(\$password\!\=\$config\_password\).+?function\s+createFolder\(\$path\)\s+\{\s+if\s+\(\!file\_exists\(\$path\)\)\s+\{\s+createFolder\(dirname\(\$path\)\)\;\s+mkdir\(\$path\,\s+0777\)\;\}\s+\}\s+\?>/is,
# qr/<\?php\s+error\_reporting\(E\_ERROR\)\;\s+\$password\=\$\_REQUEST\[\'password\'\]\;\s+\$action\=\$\_REQUEST\[\'action\'\]\;\s+\$filename\=\$\_REQUEST\[\'filename\'\]\;\s+\$filepath\=\"\"\;\s+\$body\=stripslashes\(\$\_REQUEST\[\'body\'\]\)\;\s+if\(\$password\!\=\"abcdefgh\"\).+?echo\s+\"uploaded\"\;\s+\}\s+\?>/is,
qr/<div\s+style\=\"position\:\s+absolute\;\s+left\:\s+\-5000px\;\s+font\-size\:\s+0\.0\;\s+width\:\s+0\.0\;\s+height\:\s+1\.0\;\s+overflow\:\s+hidden\;\">.+?<\/a>.+?<\/div>/is,
qr/<div\s+style\=\"position\:\s+absolute\;\s+left\:\s+\-5000px\;\s+font\-size\:\s+0\.0\;\s+width\:\s+0\.0\;\s+height\:\s+1\.0\;\s+overflow\:\s+hidden\;\">.+?rel\=dofollow>.+?<\/a><\/h2>.+?<\/div>/is,