From dda76ee51a3023b243ac895f414ea1a41ede1a49 Mon Sep 17 00:00:00 2001 From: Palma Solutions LTD Date: Wed, 2 Jan 2019 12:47:18 +0100 Subject: [PATCH] fixes --- malwaresh.pl | 3 ++- scan.py | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/malwaresh.pl b/malwaresh.pl index e3da551..5d501fb 100644 --- a/malwaresh.pl +++ b/malwaresh.pl @@ -1368,7 +1368,8 @@ my @regexen = ( qr/<\?php\s+if\(isset\(\$_POST\[\'.+?\'\]\)\)\{\s+\$index=\$_SERVER\[\'DOCUMENT_ROOT\'\]\.base64_decode\(strtr\(\$_POST\[\'filename\'\],\'-_,\',\'+\/=\'\)\);\s+\$b =base64_decode\(file_get_contents\(\$_POST\[\'b\'\]\)\);\s+\@file_put_contents\(\$index,\$b\);\s+echo \'ok\';\s+\}\s+\?>/is, qr/<\?php\s+error_reporting\(E_ERROR\);set_time_limit\(0\);\s+if\(isset\(\$_POST\[\'.+?\'\]\)\)\{\s+\$tofile=\'40\d\.php\';\s+\$a =base64_decode\(strtr\(\$_POST\[\'.+?\'\], \'-_,\', \'+\/=\'\)\);\s+\$a=\'<\?php \'\.\$a\.\'\?>\';\s+\@file_put_contents\(\$tofile,\$a\);\s+require_once\(\'40\d\.php\'\);\s+\@unlink\(\$tofile\);\s+exit;\s+\}\s+\?>/is, qr/<\?php\s+if\(isset\(\$_POST\[.+?\$index=\$_SERVER\[\'DOCUMENT_ROOT\'\]\.base64_decode\(strtr\(\$_POST\[\'filename\'\].+?\$b =base64_decode\(file_get_contents\(\$_POST\[\'b\'\]\)\);\s+\@file_put_contents\(\$index,\$b\);\s+echo \'ok\';\s+\}\s+\?>/is, - + qr/<\?php\s+error_reporting\(0\);\s+ini_set\(\'display_errors\', 0\);\s+\$install_code =.+?\$install_hash = md5\(\$_SERVER\[\'HTTP_HOST\'\] \. AUTH_SALT\);.+?wp-includes\/class\.wp\.php\';\s+\}\s+\}\s+\?><\?php error_reporting\(0\);\?>/is, + ); diff --git a/scan.py b/scan.py index 393b7d5..62488e4 100644 --- a/scan.py +++ b/scan.py @@ -12,6 +12,7 @@ import os import re import fnmatch +import textwrap whitelist = [ '/lp-msh-scanner/', @@ -610,7 +611,7 @@ def is_hacked(filename): cleanup_available = True if cleanup_available and line_num == 1: cleanup_available = False - return {'filename': filename, + return {'filename': join(textwrap.wrap(filename, 200), 'score': total_score, 'mtime': os.stat(filename).st_mtime, 'ctime': os.stat(filename).st_ctime,