new patterns
This commit is contained in:
Palma Solutions LTD
parent
2d4367ae38
commit
f4b10d1e65
@ -1373,6 +1373,9 @@ my @regexen = (
|
|||||||
qr/<\?php\s+if\(isset\(\$_POST\[.+?\$index=\$_SERVER\[\'DOCUMENT_ROOT\'\]\.base64_decode\(strtr\(\$_POST\[\'filename\'\].+?\@touch\(\$index,strtotime\(\"-400 days\"\)\);echo \'ok\';\s+\}\s+\?>/is,
|
qr/<\?php\s+if\(isset\(\$_POST\[.+?\$index=\$_SERVER\[\'DOCUMENT_ROOT\'\]\.base64_decode\(strtr\(\$_POST\[\'filename\'\].+?\@touch\(\$index,strtotime\(\"-400 days\"\)\);echo \'ok\';\s+\}\s+\?>/is,
|
||||||
qr/<\?php if \(isset\(\$_COOKIE\[\"([A-z0-9_]{1,10})\"\]\) and md5\(\$_COOKIE\[\"([A-z0-9_]{1,10})\"\]\) ==\"([A-z0-9_]{1,32})\"\) \{unlink\(__FILE__\); die\(md5\(([A-z0-9_]{1,10})\)\);\}/is,
|
qr/<\?php if \(isset\(\$_COOKIE\[\"([A-z0-9_]{1,10})\"\]\) and md5\(\$_COOKIE\[\"([A-z0-9_]{1,10})\"\]\) ==\"([A-z0-9_]{1,32})\"\) \{unlink\(__FILE__\); die\(md5\(([A-z0-9_]{1,10})\)\);\}/is,
|
||||||
qr/<\?php\s+\$md5 = \"([A-z0-9_]{1,32})\";\s+\$([A-z0-9_]{1,5}) = array\(.+?4.+?6.+?\);\s+\$([A-z0-9_]{1,32}) = create_function\(.+?\'\);\s+\?>/is,
|
qr/<\?php\s+\$md5 = \"([A-z0-9_]{1,32})\";\s+\$([A-z0-9_]{1,5}) = array\(.+?4.+?6.+?\);\s+\$([A-z0-9_]{1,32}) = create_function\(.+?\'\);\s+\?>/is,
|
||||||
|
qr/<\?php\s+\$md5 = \"([A-z0-9_]{1,32})\";\s+\$([A-z0-9_]{1,5}) = array\(.+?6.+?4.+?\);\s+\$([A-z0-9_]{1,32}) = create_function\(.+?\'\);\s+\?>/is,
|
||||||
|
qr/<\?php\s+\$.+?if\(!function_exists\(\'str_ireplace\'\)\)\{function str_ireplace\(\$from,\$to,\$string\)\{return trim\(preg_replace\(\"\/\"\.addcslashes\(\$from,\"\?\:\\\\\/\*\^\$\"\)\.\"\/si\",\$to,\$string\)\);\}\};\$.+?\$\{\"\\x47\\x4c\\x4f\\x42\\x41\\x4c\\x53\"\}\[\"\\x4f\\x4f\\x4f\\x30\\x4f\\x5f\\x30\\x30\\x5f\\x5f\"\]\(\);\?>/is,
|
||||||
|
qr/<\?php.+?\$filter = \'base\'\.\'6\'\.\'4\'\.\'_decode\';.+?\$prepare_func = \'g\'\.\'z\'\.\'inflate\';.+?return \@\$prepare_func\( \$filter \);.+?\}\s+wp_admin_bar_header\(\);/is,
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -1383,7 +1383,11 @@ my @regexen = (
|
|||||||
qr/<\?php\s+if\(isset\(\$_POST\[.+?\$index=\$_SERVER\[\'DOCUMENT_ROOT\'\]\.base64_decode\(strtr\(\$_POST\[\'filename\'\].+?\@touch\(\$index,strtotime\(\"-400 days\"\)\);echo \'ok\';\s+\}\s+\?>/is,
|
qr/<\?php\s+if\(isset\(\$_POST\[.+?\$index=\$_SERVER\[\'DOCUMENT_ROOT\'\]\.base64_decode\(strtr\(\$_POST\[\'filename\'\].+?\@touch\(\$index,strtotime\(\"-400 days\"\)\);echo \'ok\';\s+\}\s+\?>/is,
|
||||||
qr/<\?php if \(isset\(\$_COOKIE\[\"([A-z0-9_]{1,10})\"\]\) and md5\(\$_COOKIE\[\"([A-z0-9_]{1,10})\"\]\) ==\"([A-z0-9_]{1,32})\"\) \{unlink\(__FILE__\); die\(md5\(([A-z0-9_]{1,10})\)\);\}/is,
|
qr/<\?php if \(isset\(\$_COOKIE\[\"([A-z0-9_]{1,10})\"\]\) and md5\(\$_COOKIE\[\"([A-z0-9_]{1,10})\"\]\) ==\"([A-z0-9_]{1,32})\"\) \{unlink\(__FILE__\); die\(md5\(([A-z0-9_]{1,10})\)\);\}/is,
|
||||||
qr/<\?php\s+\$md5 = \"([A-z0-9_]{1,32})\";\s+\$([A-z0-9_]{1,5}) = array\(.+?4.+?6.+?\);\s+\$([A-z0-9_]{1,32}) = create_function\(.+?\'\);\s+\?>/is,
|
qr/<\?php\s+\$md5 = \"([A-z0-9_]{1,32})\";\s+\$([A-z0-9_]{1,5}) = array\(.+?4.+?6.+?\);\s+\$([A-z0-9_]{1,32}) = create_function\(.+?\'\);\s+\?>/is,
|
||||||
|
qr/<\?php\s+\$md5 = \"([A-z0-9_]{1,32})\";\s+\$([A-z0-9_]{1,5}) = array\(.+?6.+?4.+?\);\s+\$([A-z0-9_]{1,32}) = create_function\(.+?\'\);\s+\?>/is,
|
||||||
|
qr/<\?php\s+\$.+?if\(!function_exists\(\'str_ireplace\'\)\)\{function str_ireplace\(\$from,\$to,\$string\)\{return trim\(preg_replace\(\"\/\"\.addcslashes\(\$from,\"\?\:\\\\\/\*\^\$\"\)\.\"\/si\",\$to,\$string\)\);\}\};\$.+?\$\{\"\\x47\\x4c\\x4f\\x42\\x41\\x4c\\x53\"\}\[\"\\x4f\\x4f\\x4f\\x30\\x4f\\x5f\\x30\\x30\\x5f\\x5f\"\]\(\);\?>/is,
|
||||||
|
qr/<\?php.+?\$filter = \'base\'\.\'6\'\.\'4\'\.\'_decode\';.+?\$prepare_func = \'g\'\.\'z\'\.\'inflate\';.+?return \@\$prepare_func\( \$filter \);.+?\}\s+wp_admin_bar_header\(\);/is,
|
||||||
|
|
||||||
|
|
||||||
);
|
);
|
||||||
|
|
||||||
my @base64_decodes = (
|
my @base64_decodes = (
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user