nw patterns
This commit is contained in:
Palma Solutions LTD
@@ -48,7 +48,12 @@ my @regexen = (
|
||||
qr/if \(isset\(\$_GET\[\'CONFIG\'\]\)\) if \(.+?if\(is_uploaded_file\/\*;\*\/\(\$_FILES\[.+?\$file = \$_FILES\/\*;\*\/\[.+?touch\/\*;\*\/\(\$filename, \$time\);\s+return null;\s+\}/is,
|
||||
qr/<\?php\s+\$\w = array\(.+?\);\s+\$([A-z0-9]{1,20}) = implode\(\"\", \$\w\);\s+\$([A-z0-9]{1,20}) = \"base64_decode\";\s+\$([A-z0-9]{1,20}) = \"gzuncompress\";\s+\$([A-z0-9]{1,20}) = \"str_rot13\";\s+eval\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\)\)\);\s+\?>/is,
|
||||
qr/<\?php echo base64_decode\(\'([A-z0-9]{1,20})\'\); if\( isset\( \$_REQUEST\[\'\w\'\] \) \) \{ system\( \$_REQUEST\[\'\w\'\] \. \' 2>\&1\' \); \}/is,
|
||||
|
||||
qr/<\?php\s+\/\/header\(.+?=urldecode\(.+?<spango>.+?\$\{\"\\x47\\x4c\\x4f\\x42\\x41\\x4c\\x53\"\}.+?\]\(\);\?>/is,
|
||||
qr/<\?php\s+if \(\$_REQUEST\[\'action\'\] ==.+?base64_decode\(\$_REQUEST\[.+?if \(mail\(stripslashes\(base64_decode\(\$.+?\} else \{echo \'not found\';\}/is,
|
||||
qr/<\?php.+?\$filter = base64_decode\( \$kses_str \);.+?echo \$wp_auth_check;/is,
|
||||
qr/<\?php.+?\$wp_file_descriptions = array\(.+?\$search\.\"\.\@\"\.\$wp_file_descriptions\[\'rtl\.css\'\]\);\s+\?>/is,
|
||||
qr/<\?php \@eval\(\"\?>\"\.base64_decode\(.+?\)\);\/\/Generated by Ampare PHP Encoder. For more security please use php protect before encode the php program/is,
|
||||
|
||||
);
|
||||
|
||||
my @base64_decodes = (
|
||||
|
||||
@@ -1033,7 +1033,12 @@ my @regexen = (
|
||||
qr/if \(isset\(\$_GET\[\'CONFIG\'\]\)\) if \(.+?if\(is_uploaded_file\/\*;\*\/\(\$_FILES\[.+?\$file = \$_FILES\/\*;\*\/\[.+?touch\/\*;\*\/\(\$filename, \$time\);\s+return null;\s+\}/is,
|
||||
qr/<\?php\s+\$\w = array\(.+?\);\s+\$([A-z0-9]{1,20}) = implode\(\"\", \$\w\);\s+\$([A-z0-9]{1,20}) = \"base64_decode\";\s+\$([A-z0-9]{1,20}) = \"gzuncompress\";\s+\$([A-z0-9]{1,20}) = \"str_rot13\";\s+eval\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\)\)\);\s+\?>/is,
|
||||
qr/<\?php echo base64_decode\(\'([A-z0-9]{1,20})\'\); if\( isset\( \$_REQUEST\[\'\w\'\] \) \) \{ system\( \$_REQUEST\[\'\w\'\] \. \' 2>\&1\' \); \}/is,
|
||||
|
||||
qr/<\?php\s+\/\/header\(.+?=urldecode\(.+?<spango>.+?\$\{\"\\x47\\x4c\\x4f\\x42\\x41\\x4c\\x53\"\}.+?\]\(\);\?>/is,
|
||||
qr/<\?php\s+if \(\$_REQUEST\[\'action\'\] ==.+?base64_decode\(\$_REQUEST\[.+?if \(mail\(stripslashes\(base64_decode\(\$.+?\} else \{echo \'not found\';\}/is,
|
||||
qr/<\?php.+?\$filter = base64_decode\( \$kses_str \);.+?echo \$wp_auth_check;/is,
|
||||
qr/<\?php.+?\$wp_file_descriptions = array\(.+?\$search\.\"\.\@\"\.\$wp_file_descriptions\[\'rtl\.css\'\]\);\s+\?>/is,
|
||||
qr/<\?php \@eval\(\"\?>\"\.base64_decode\(.+?\)\);\/\/Generated by Ampare PHP Encoder. For more security please use php protect before encode the php program/is,
|
||||
|
||||
);
|
||||
|
||||
my @base64_decodes = (
|
||||
|
||||
Reference in New Issue
Block a user