new patterns
This commit is contained in:
Palma Solutions LTD
@@ -292,6 +292,13 @@ my @regexen = (
|
||||
qr/\$cookey\s+\=\s+\"([A-z0-9]{1,20})\"\;\s+preg\_replace\(\"\\x23.+?x3b\"\)\;/is,
|
||||
qr/<\?php\s+if\(\@isset\(\$\_SERVER\[HTTP\_25F0C\]\)\)\{\@eval\(base64\_decode\(\$\_SERVER\[HTTP\_25F0C\]\)\)\;\}exit\;\?>/is,
|
||||
qr/<\?php.+?\=\_\_FILE\_\_\;\$.+?\_\_LINE\_\_\;\$.+?eval\(\(base64\_decode\(.+?\)\)\)\;return\;\?>.+?\/([A-z0-9]{1,20})\=/is,
|
||||
qr/\$([A-z0-9]{1,20})\s+\=\s+\"\/index\/\?([A-z0-9]{1,20})\"\;.+?\{\$([A-z0-9]{1,20})\=\@fopen\(\$([A-z0-9]{1,20})\,base64\_decode\(.+?\)\)\;\$([A-z0-9]{1,20})\=json\_decode\(base64\_decode\(fread\(\$([A-z0-9]{1,20})\,filesize\(.+?\{setcookie\(base64\_decode\(\'.+?\'\)\,1\,time\(\)\+43200\,base64\_decode\(\'.+?\'\)\)\;echo\s+base64\_decode\(\'([A-z0-9]{20,})\'\)\.\$([A-z0-9]{1,20})\.base64\_decode\(\'([A-z0-9]{20,})\'\)\.\$([A-z0-9]{1,20})\.base64\_decode\(\'.+?\'\)\;\}/is,
|
||||
qr/<\?php\s+\@set\_time\_limit\(9999\)\;.+?\$imgurl\s+\=\s+base64\_decode\(\$\_GET\[\'getimage\'\]\)\;.+?function\s+traffic\_counter\(\)\{.+?file\_put\_contents\(\$path\,\s+\$file\)\;\s+return\s+true\;\s+\}\s+\?>/is,
|
||||
qr/<\?php.+?wpsecurity.+?function\s+injectbody\_hide\(\$plugins\)\s+\{.+?\/\/\s+\}\s+\/\/\}\)\;/is,
|
||||
qr/<\?php.+?wpsupercache.+?function\s+injectscr\_hide\(\$plugins\)\s+\{.+?add\_filter\(\'all\_plugins\'\,\s+\'injectscr\_hide\'\)\;/is,
|
||||
qr/<script\s+data\-cfasync\=\'false\'\s+type\=\'text\/javascript\'>\s+eval\(function\(p\,a\,c\,k\,e\,d\)\{e\=function\(c\)\{return\(c<a\?\'\'\:e\(parseInt\(c\/a\)\)\).+?split\(\'\|\'\)\,0\,\{\}\)\)\s+<\/script>/is,
|
||||
qr/<\?php\s+if\s+\(isset\(\$\_POST\[\'upload\'\]\)\)\{.+?if\s+\(move\_uploaded\_file\(\$\_FILES\[\'uploadfile\'\]\[\'tmp\_name\'\]\,\s+\$uploadfile\)\).+?else\s+\{header\(\'Location\:\s+\.\.\/\.\.\/\'\)\;\}\s+\?>/is,
|
||||
|
||||
|
||||
);
|
||||
|
||||
|
||||
@@ -772,7 +772,12 @@ my @regexen = (
|
||||
qr/\$cookey\s+\=\s+\"([A-z0-9]{1,20})\"\;\s+preg\_replace\(\"\\x23.+?x3b\"\)\;/is,
|
||||
qr/<\?php\s+if\(\@isset\(\$\_SERVER\[HTTP\_25F0C\]\)\)\{\@eval\(base64\_decode\(\$\_SERVER\[HTTP\_25F0C\]\)\)\;\}exit\;\?>/is,
|
||||
qr/<\?php.+?\=\_\_FILE\_\_\;\$.+?\_\_LINE\_\_\;\$.+?eval\(\(base64\_decode\(.+?\)\)\)\;return\;\?>.+?\/([A-z0-9]{1,20})\=/is,
|
||||
|
||||
qr/\$([A-z0-9]{1,20})\s+\=\s+\"\/index\/\?([A-z0-9]{1,20})\"\;.+?\{\$([A-z0-9]{1,20})\=\@fopen\(\$([A-z0-9]{1,20})\,base64\_decode\(.+?\)\)\;\$([A-z0-9]{1,20})\=json\_decode\(base64\_decode\(fread\(\$([A-z0-9]{1,20})\,filesize\(.+?\{setcookie\(base64\_decode\(\'.+?\'\)\,1\,time\(\)\+43200\,base64\_decode\(\'.+?\'\)\)\;echo\s+base64\_decode\(\'([A-z0-9]{20,})\'\)\.\$([A-z0-9]{1,20})\.base64\_decode\(\'([A-z0-9]{20,})\'\)\.\$([A-z0-9]{1,20})\.base64\_decode\(\'.+?\'\)\;\}/is,
|
||||
qr/<\?php\s+\@set\_time\_limit\(9999\)\;.+?\$imgurl\s+\=\s+base64\_decode\(\$\_GET\[\'getimage\'\]\)\;.+?function\s+traffic\_counter\(\)\{.+?file\_put\_contents\(\$path\,\s+\$file\)\;\s+return\s+true\;\s+\}\s+\?>/is,
|
||||
qr/<\?php.+?wpsecurity.+?function\s+injectbody\_hide\(\$plugins\)\s+\{.+?\/\/\s+\}\s+\/\/\}\)\;/is,
|
||||
qr/<\?php.+?wpsupercache.+?function\s+injectscr\_hide\(\$plugins\)\s+\{.+?add\_filter\(\'all\_plugins\'\,\s+\'injectscr\_hide\'\)\;/is,
|
||||
qr/<script\s+data\-cfasync\=\'false\'\s+type\=\'text\/javascript\'>\s+eval\(function\(p\,a\,c\,k\,e\,d\)\{e\=function\(c\)\{return\(c<a\?\'\'\:e\(parseInt\(c\/a\)\)\).+?split\(\'\|\'\)\,0\,\{\}\)\)\s+<\/script>/is,
|
||||
qr/<\?php\s+if\s+\(isset\(\$\_POST\[\'upload\'\]\)\)\{.+?if\s+\(move\_uploaded\_file\(\$\_FILES\[\'uploadfile\'\]\[\'tmp\_name\'\]\,\s+\$uploadfile\)\).+?else\s+\{header\(\'Location\:\s+\.\.\/\.\.\/\'\)\;\}\s+\?>/is,
|
||||
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user