From 7b2ea213f48dddac6d25e04f265ffc19e8714805 Mon Sep 17 00:00:00 2001
From: Palma Solutions LTD
Date: Thu, 17 May 2018 11:11:35 +0200
Subject: [PATCH] new patterns
---
 cms-ver.php | 7 +++++--
 malware6.pl | 1 +
 malwaresh.pl | 2 +-
 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/cms-ver.php b/cms-ver.php
index cf00966..bdf81b0 100644
--- a/cms-ver.php
+++ b/cms-ver.php
@@ -163,9 +163,12 @@
 array("phpMyAdmin", "/libraries/defines.lib.php", "define('PMA_VERSION',", "Not Allowed"),
 array("phpMyAdmin", "/libraries/Config.php", "\$this->set('PMA_VERSION',", "Not Allowed"),
 array("phpMyAdmin", "/libraries/Config.class.php", "\$this->set('PMA_VERSION',", "Not Allowed"),
- array("CubeCart", "/ini.inc.php", "define('CC_VERSION',", "Maintained"),
+ array("CubeCart", "/ini.inc.php", "define('CC_VERSION',", "Maintained"),
 array("Simple PHP Blog", "/scripts/sb_functions.php", "\$sb_info[ 'version' ] =", "EOL"),
-
+ array("Claroline", "/inc/installedVersion.inc.php", "\$new_version =", "EOL"),
+ array("Moodle", "/version.php", "\$release =", "Maintained"),
+ array("WebAsyst", "/kernel/wbs.xml", "/is,
 qr/eval\(\"\?\>\" \. base64_decode\(.+?\)\); \?>/is,
 qr/<\?php.+?\$alphabet =.+?exit\(\);.+?\$([A-z0-9]{1,20}) =.+?\"\"\.chr\(.+?\)\.\"\"\.chr\(.+?\)\.\"\\x.+?\]\.\$([A-z0-9]{1,20})\[\d\d\], \$([A-z0-9]{1,20}) ,\"([A-z0-9]{1,20})\"\);/is,
+ qr/<\? echo\(base64_decode\(.+?\)\); \?>/is,
 );
diff --git a/malwaresh.pl b/malwaresh.pl
index d0f7492..c61798b 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -1019,7 +1019,7 @@ my @regexen = (
 qr/<\?php\s+if \(!isset\(\$sRetry\)\).+?\$stCurlLink = base64_decode\(.+?curl_close\(\$stCurlHandle\)\;.+?\?>/is,
 qr/eval\(\"\?\>\" \. base64_decode\(.+?\)\); \?>/is,
 qr/<\?php.+?\$alphabet =.+?exit\(\);.+?\$([A-z0-9]{1,20}) =.+?\"\"\.chr\(.+?\)\.\"\"\.chr\(.+?\)\.\"\\x.+?\]\.\$([A-z0-9]{1,20})\[\d\d\], \$([A-z0-9]{1,20}) ,\"([A-z0-9]{1,20})\"\);/is,
-
+ qr/<\? echo\(base64_decode\(.+?\)\); \?>/is,
 );
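Review bot: The signature added to `@regexen` in malwaresh.pl (the identical line is added in malware6.pl) is whitespace-exact: it matches only with a single space after `<?` and before `?>`, so the same payload written with `<?php`, extra spaces or a newline is not flagged. A tolerant form would be `qr/<\?(?:php)?\s*echo\s*\(\s*base64_decode\s*\(.+?\)\s*\)\s*;\s*\?>/is`. Under `/s` the unbounded `.+?` can also run across unrelated code to the next `); ?>` in the file; if matches are stripped rather than only reported (not visible here), bounding it with `.{1,N}?` for a chosen N would limit the damage from a false match. The `@regexen` list starts above this hunk, so existing entries that already cover this shape cannot be ruled out.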