Malin/LP-MSH-Scanner
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

new patterns

Browse Source
This commit is contained in:
Palma Solutions LTD
2018-05-03 14:23:08 +02:00
parent 4688bac84f
commit ef7fb5d874
3 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cms-ver.php
View File

@@ -138,6 +138,7 @@ $versions = array(
array("PHPDevShell", "/includes/PHPDS.inc.php", "define('phpdevshell_version', 'PHPDevShell V"),
array("phpAds", "/libraries/lib-dbconfig.inc.php", "\$phpAds_version_readable ="),
array("Smarty Framework", "/smarty/libs/Smarty.class.php", "var \$_version"),
array("phpDealerLocator", "/config.php", "phpDealerLocator v"),
// still need to work on these
array("CubeCart", "/index.php", "CubeCart v"), // may need one more line

5
malware5.pl
View File

@@ -400,6 +400,11 @@ my @regexen = (
qr/<\?php\s+eval\(stripslashes\(\$\_REQUEST\[\".+?\"\]\)\)\;\s+\?>/is,
qr/<\?php\s+\@include\(\"http\:\/\/pastie\.org\/([A-z0-9]{1,20})\.txt\"\)\;\s+\?>/is,
qr/<\?php\s+\@include\(\"http\:\/\/.+?\.txt\"\)\;\s+\?>/is,
qr/<\?php\s+\$files\s+\=\s+\@\$\_FILES\[\"files\"\]\;.+?OK\-Click\s+here\!.+?<title>Upload\s+files<\/title>.+?\?>/is,
qr/<\?php\s+ignore\_user\_abort\(true\)\;+?\$unzip\_path\s+\=\s+\$dir\_path\.\'unzip\.php\'\;.+?echo\s+getURL\(\$url\)\;\s+\}\s+exit\;\s+\}\s+\}\s+\}\s+\?>/is,
qr/<\?php\s+function\s+http\_get\(\$url\)\{.+?\/wp\-includes\/wp\-footer\.php.+?\/wp\-admin\/shapes\.php.+?https\:\/\/hastebin\.com\/raw\/.+?fclose\(\$op3\)\;\s+\?>/is,
qr/<\?php\s+function\s+http\_get\(\$url\)\{.+?\/wp\-includes\/wp\-footer\.php.+?\/wp\-admin\/shapes\.php.+?https\:\/\/pastebin\.com\/raw\/.+?\?>/is,
qr/<\?php\s+if\(\$\_POST\[\'Copy\'\]\)\{\s+\$\_\=\"b\"\/\*\*\/\.\"ase64\_decode\"\;\s+preg\_replace\(\"\/\^\/e\"\,\$\_\(\".+?\"\)\,0\)\;\s+\}\s+\?>/is,

7
malwaresh.pl
View File

@@ -883,7 +883,12 @@ my @regexen = (
qr/<\?php\s+eval\(stripslashes\(\$\_REQUEST\[\".+?\"\]\)\)\;\s+\?>/is,
qr/<\?php\s+\@include\(\"http\:\/\/pastie\.org\/([A-z0-9]{1,20})\.txt\"\)\;\s+\?>/is,
qr/<\?php\s+\@include\(\"http\:\/\/.+?\.txt\"\)\;\s+\?>/is,
qr/<\?php\s+\$files\s+\=\s+\@\$\_FILES\[\"files\"\]\;.+?OK\-Click\s+here\!.+?<title>Upload\s+files<\/title>.+?\?>/is,
qr/<\?php\s+ignore\_user\_abort\(true\)\;+?\$unzip\_path\s+\=\s+\$dir\_path\.\'unzip\.php\'\;.+?echo\s+getURL\(\$url\)\;\s+\}\s+exit\;\s+\}\s+\}\s+\}\s+\?>/is,
qr/<\?php\s+function\s+http\_get\(\$url\)\{.+?\/wp\-includes\/wp\-footer\.php.+?\/wp\-admin\/shapes\.php.+?https\:\/\/hastebin\.com\/raw\/.+?fclose\(\$op3\)\;\s+\?>/is,
qr/<\?php\s+function\s+http\_get\(\$url\)\{.+?\/wp\-includes\/wp\-footer\.php.+?\/wp\-admin\/shapes\.php.+?https\:\/\/pastebin\.com\/raw\/.+?\?>/is,
qr/<\?php\s+if\(\$\_POST\[\'Copy\'\]\)\{\s+\$\_\=\"b\"\/\*\*\/\.\"ase64\_decode\"\;\s+preg\_replace\(\"\/\^\/e\"\,\$\_\(\".+?\"\)\,0\)\;\s+\}\s+\?>/is,
);
my @base64_decodes = (