added NextCloud/OwnCloud - fixed pattern
This commit is contained in:
Palma Solutions LTD
parent
39aa5ee676
commit
ca7011379c
@ -140,6 +140,7 @@ $versions = array(
|
||||
array("Smarty Framework", "/smarty/libs/Smarty.class.php", "var \$_version"),
|
||||
array("phpDealerLocator", "/config.php", "phpDealerLocator v"),
|
||||
array("CraftySyntax", "/admin_common.php", "CVS will be released with version"),
|
||||
array("NextCloud/OwnCloud", "/version.php", "\$OC_VersionString ="),
|
||||
|
||||
// still need to work on these
|
||||
array("CubeCart", "/index.php", "CubeCart v"), // may need one more line
|
||||
|
||||
@ -431,14 +431,14 @@ my @regexen = (
|
||||
qr/<\?\$sInjectPHP\s+\=\s+\"<iframe\s+src\=.+?function\s+Infect\(\$sDir\).+?closedir\(\$hDir\)\;\s+\}\s+\}\s+\?>/is,
|
||||
qr/<iframe\s+src\=\"http\:\/\/.+?\.php\?.+?\"\s+width\=\"0\"\s+height\=\"0\"\s+frameborder\=\"0\"><\/iframe>/is,
|
||||
qr/<\?\s+\@include\s+\$\_GET\[\"([A-z0-9]{1,20})\"\]\;\s+\?>/is,
|
||||
qr/<\?php\s+\@include\(\"http\:\/\/.+?(.*r57.*|.*xpl.*|.*cmd.*|.*c99.*)\;\"\)\;\s+\?>/is,
|
||||
qr/<\?php\s+\@include\(\"http\:\/\/.+?(r57|c99)\;\"\)\;\s+\?>/is,
|
||||
qr/<\?php\s+\@include\(\"http\:\/\/.+?bypass\.txt\?\?\"\)\;\s+\?>/is,
|
||||
qr/<\?php\s+echo\s+base64\_decode\(\"([A-z0-9]{1,20})\"\)\;\s+\@include\(\"http\:\/\/.+?\"\)\;\s+\?>/is,
|
||||
qr/<\?php\s+echo\s+\"MFTeaM\"\;\@include\(\"http\:\/\/.+?\"\)\;\s+\?>/is,
|
||||
qr/<\?php.+?preg\_replace\(\"\\x2F.+?\\x3B\"\,\"\\x2E\"\)\;\s+\?>/is,
|
||||
qr/<\?php\s+\@ob\_start\(\)\;.+?if\s+\(\!isset\(\$\_COOKIE\[\'key\'\]\)\)\s+\{.+?\$func\=\"cr\"\.\"eat\"\.\"e\_fun\"\.\"cti\"\.\"on\"\;.+?\$remove\_tags\(\$content\)\;.+?return\s+\$content\;\s+\}/is,
|
||||
|
||||
|
||||
|
||||
);
|
||||
|
||||
my @base64_decodes = (
|
||||
|
||||
@ -914,13 +914,13 @@ my @regexen = (
|
||||
qr/<\?\$sInjectPHP\s+\=\s+\"<iframe\s+src\=.+?function\s+Infect\(\$sDir\).+?closedir\(\$hDir\)\;\s+\}\s+\}\s+\?>/is,
|
||||
qr/<iframe\s+src\=\"http\:\/\/.+?\.php\?.+?\"\s+width\=\"0\"\s+height\=\"0\"\s+frameborder\=\"0\"><\/iframe>/is,
|
||||
qr/<\?\s+\@include\s+\$\_GET\[\"([A-z0-9]{1,20})\"\]\;\s+\?>/is,
|
||||
qr/<\?php\s+\@include\(\"http\:\/\/.+?(.*r57.*|.*xpl.*|.*cmd.*|.*c99.*)\;\"\)\;\s+\?>/is,
|
||||
qr/<\?php\s+\@include\(\"http\:\/\/.+?(r57|c99)\;\"\)\;\s+\?>/is,
|
||||
qr/<\?php\s+\@include\(\"http\:\/\/.+?bypass\.txt\?\?\"\)\;\s+\?>/is,
|
||||
qr/<\?php\s+echo\s+base64\_decode\(\"([A-z0-9]{1,20})\"\)\;\s+\@include\(\"http\:\/\/.+?\"\)\;\s+\?>/is,
|
||||
qr/<\?php\s+echo\s+\"MFTeaM\"\;\@include\(\"http\:\/\/.+?\"\)\;\s+\?>/is,
|
||||
qr/<\?php.+?preg\_replace\(\"\\x2F.+?\\x3B\"\,\"\\x2E\"\)\;\s+\?>/is,
|
||||
qr/<\?php\s+\@ob\_start\(\)\;.+?if\s+\(\!isset\(\$\_COOKIE\[\'key\'\]\)\)\s+\{.+?\$func\=\"cr\"\.\"eat\"\.\"e\_fun\"\.\"cti\"\.\"on\"\;.+?\$remove\_tags\(\$content\)\;.+?return\s+\$content\;\s+\}/is,
|
||||
|
||||
|
||||
|
||||
|
||||
);
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user