Malin/LP-MSH-Scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixes

Browse Source
This commit is contained in:
Palma Solutions LTD 2019-01-02 12:47:18 +01:00
parent 0273a8820c
commit dda76ee51a
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
malwaresh.pl
View File

@ -1368,6 +1368,7 @@ my @regexen = (
qr/<\?php\s+if\(isset\(\$_POST\[\'.+?\'\]\)\)\{\s+\$index=\$_SERVER\[\'DOCUMENT_ROOT\'\]\.base64_decode\(strtr\(\$_POST\[\'filename\'\],\'-_,\',\'+\/=\'\)\);\s+\$b =base64_decode\(file_get_contents\(\$_POST\[\'b\'\]\)\);\s+\@file_put_contents\(\$index,\$b\);\s+echo \'ok\';\s+\}\s+\?>/is, qr/<\?php\s+if\(isset\(\$_POST\[\'.+?\'\]\)\)\{\s+\$index=\$_SERVER\[\'DOCUMENT_ROOT\'\]\.base64_decode\(strtr\(\$_POST\[\'filename\'\],\'-_,\',\'+\/=\'\)\);\s+\$b =base64_decode\(file_get_contents\(\$_POST\[\'b\'\]\)\);\s+\@file_put_contents\(\$index,\$b\);\s+echo \'ok\';\s+\}\s+\?>/is,
qr/<\?php\s+error_reporting\(E_ERROR\);set_time_limit\(0\);\s+if\(isset\(\$_POST\[\'.+?\'\]\)\)\{\s+\$tofile=\'40\d\.php\';\s+\$a =base64_decode\(strtr\(\$_POST\[\'.+?\'\], \'-_,\', \'+\/=\'\)\);\s+\$a=\'<\?php \'\.\$a\.\'\?>\';\s+\@file_put_contents\(\$tofile,\$a\);\s+require_once\(\'40\d\.php\'\);\s+\@unlink\(\$tofile\);\s+exit;\s+\}\s+\?>/is, qr/<\?php\s+error_reporting\(E_ERROR\);set_time_limit\(0\);\s+if\(isset\(\$_POST\[\'.+?\'\]\)\)\{\s+\$tofile=\'40\d\.php\';\s+\$a =base64_decode\(strtr\(\$_POST\[\'.+?\'\], \'-_,\', \'+\/=\'\)\);\s+\$a=\'<\?php \'\.\$a\.\'\?>\';\s+\@file_put_contents\(\$tofile,\$a\);\s+require_once\(\'40\d\.php\'\);\s+\@unlink\(\$tofile\);\s+exit;\s+\}\s+\?>/is,
qr/<\?php\s+if\(isset\(\$_POST\[.+?\$index=\$_SERVER\[\'DOCUMENT_ROOT\'\]\.base64_decode\(strtr\(\$_POST\[\'filename\'\].+?\$b =base64_decode\(file_get_contents\(\$_POST\[\'b\'\]\)\);\s+\@file_put_contents\(\$index,\$b\);\s+echo \'ok\';\s+\}\s+\?>/is, qr/<\?php\s+if\(isset\(\$_POST\[.+?\$index=\$_SERVER\[\'DOCUMENT_ROOT\'\]\.base64_decode\(strtr\(\$_POST\[\'filename\'\].+?\$b =base64_decode\(file_get_contents\(\$_POST\[\'b\'\]\)\);\s+\@file_put_contents\(\$index,\$b\);\s+echo \'ok\';\s+\}\s+\?>/is,
qr/<\?php\s+error_reporting\(0\);\s+ini_set\(\'display_errors\', 0\);\s+\$install_code =.+?\$install_hash = md5\(\$_SERVER\[\'HTTP_HOST\'\] \. AUTH_SALT\);.+?wp-includes\/class\.wp\.php\';\s+\}\s+\}\s+\?><\?php error_reporting\(0\);\?>/is,
); );

3
scan.py
View File

@ -12,6 +12,7 @@
import os import os
import re import re
import fnmatch import fnmatch
import textwrap
whitelist = [ whitelist = [
'/lp-msh-scanner/', '/lp-msh-scanner/',
@ -610,7 +611,7 @@ def is_hacked(filename):
cleanup_available = True cleanup_available = True
if cleanup_available and line_num == 1: if cleanup_available and line_num == 1:
cleanup_available = False cleanup_available = False
return {'filename': filename, return {'filename': join(textwrap.wrap(filename, 200),
'score': total_score, 'score': total_score,
'mtime': os.stat(filename).st_mtime, 'mtime': os.stat(filename).st_mtime,
'ctime': os.stat(filename).st_ctime, 'ctime': os.stat(filename).st_ctime,