fixes & patterns
parent
132d0c36e2
commit
fb03289e34
@ -130,6 +130,7 @@ $versions = array(
|
||||
array("Agora Cart", "/agora.cgi", "\/versions\/"),
|
||||
array("CKeditor", "/ckeditor/CHANGES.html", "CKEditor Changelog"),
|
||||
array("Dokeos", "main/inc/installedVersion.inc.php", "\$dokeos_version"),
|
||||
array("CakePHP","cake/config/config.php","\$config['Cake.version'] ="),
|
||||
|
||||
// still need to work on these
|
||||
array("CubeCart", "/index.php", "CubeCart v"), // may need one more line
|
||||
@ -280,7 +281,7 @@ foreach(glob("../{**/*,*}".$rxw[1], GLOB_BRACE) as $versionfilex){
|
||||
|
||||
|
||||
// fix for scripts installed in docroot
|
||||
foreach(glob("../".$raw[1], GLOB_BRACE) as $versionfilex) {
|
||||
foreach(glob("../".$rxw[1], GLOB_BRACE) as $versionfilex) {
|
||||
$file = file_get_contents($versionfilex);
|
||||
$pattern1 = preg_quote($rxw[2], '/');
|
||||
$pattern2 = preg_quote($rxw[3], '/');
|
||||
@ -288,7 +289,7 @@ foreach(glob("../".$raw[1], GLOB_BRACE) as $versionfilex) {
|
||||
$pattern = "/^.*$pattern1.*\$|^.*$pattern2.*\$|^.*$pattern3.*\$/m";
|
||||
if(preg_match_all($pattern, $file, $matches)){
|
||||
echo "<br />";
|
||||
echo "<strong>".$raw[0]." found:</strong><br />";
|
||||
echo "<strong>".$rxw[0]." found:</strong><br />";
|
||||
echo implode("<br />", $matches[0]);
|
||||
echo "<br />";
|
||||
print_r ("location:".$versionfilex);
|
||||
|
||||
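Review bot: The matched lines and the file path are written into the report without HTML escaping in the third hunk (`echo implode("<br />", $matches[0]);` and `print_r ("location:".$versionfilex);`), so any markup inside a scanned file or file name is rendered by the browser that views the page. Escape at output, for example `echo implode("<br />", array_map('htmlspecialchars', $matches[0]));` and `echo "location:".htmlspecialchars($versionfilex);`. Separately, the visible `$versions` entries have only three elements, so if `$rxw` iterates over them, `$rxw[3]` is unset, `preg_quote` returns an empty string, and the `^.*$pattern2.*\$` alternative matches every line of the file. Skipping empty patterns before building `$pattern` would avoid that, though the loop header and the `$pattern3` assignment sit outside the visible hunks.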
@ -204,7 +204,8 @@ my @regexen = (
|
||||
qr/<\?php\s+echo.+?\.php\_uname\(\)\..+?Upload.+?Upload.+?Upload.+?\}\s+\}\s+\?>/is,
|
||||
qr/<\?php\s+\$.+?\'gz\'\.\s+\'un\'\.\s+\'co\'\.\s+\'mp\'\.\s+\'re\'\.\s+\'ss\'.+?\'bas\'\s+\.\'e64\'\s+\.\'\_de\'\s+\.\'cod\'\s+\.\'e\'.+?\'i\'\s+\.\'m\'\s+\.\'p\'\s+\.\'l\'\s+\.\'o\'\s+\.\'d\'\s+\.\'e\'.+?array\(.+?eval\(.+?\)\)\)\)\;\s+\?>/is,
|
||||
qr/<\?php\s+\$([A-z0-9]{1,20})\s+\=\s+\'s\'\.\'t\'\.\'r\'\.\'r\'\.\'e\'\.\'v\'\;\$([A-z0-9]{1,20})\s+\=\s+array\(.+?\(\'et\'\.\'al\'\.\'fn\'\.\'iz\'\.\'g\'\)\;eval\(\$.+?\)\)\)\)\;\s+\?>/is,
|
||||
|
||||
qr/<\?php\s+eval\(\"\\n\\\$([A-z0-9]{1,20})\s+\=\s+intval\(\_\_LINE\_\_\)\s+\*\s+337\;\"\)\;.+?eval\s+\(gzinflate\(base64\_decode\(\$\w\)\)\)\;/is,
|
||||
qr/<\?php\s+\$([A-z0-9]{1,20})\=\$\_POST\[\'([A-z0-9]{1,20})\'\]\;if\(\$([A-z0-9]{1,20})\!\=\'\'\)\{\$([A-z0-9]{1,20})\=base64\_decode\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\;\@eval\(\"\\\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\;\"\)\;\}/is,
|
||||
|
||||
);
|
||||
|
||||
|
||||
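Review bot: The character class `[A-z0-9]` used for PHP variable names in these signatures is wider than it reads: the range `A-z` also covers `[`, `\`, `]`, `^`, `_` and the backtick, so the patterns accept strings that are not identifiers; `[A-Za-z0-9_]` states the intent. The signature that starts with `eval\(\"\\n` ends in `base64\_decode\(\$\w\)\)\)\;`, which matches only a one-character variable name, so a variant with a longer name would presumably be missed; `\$\w+` covers both. The `@regexen` list begins outside the hunk and the code that applies the patterns is not visible here.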
3
scan.php
3
scan.php
@ -225,7 +225,6 @@ error_reporting(E_ALL);
|
||||
"return rawurlencode\(rawurlencode\(",
|
||||
"=array_map\(\"ba\".\"se6\".\"4\".\"_decode\",array\(\'\',str_replace\(",
|
||||
"d.=sprintf\(\(substr\(urlencode\(print_r\(array\(",
|
||||
"eval\(gzinflate\(base64_decode\(",
|
||||
"eval\(gzinflate\(str_rot13\(base64_decode\(",
|
||||
"eval\(gzinflate\(base64_decode\(str_rot13\(",
|
||||
"eval\(gzinflate\(base64_decode\(base64_decode\(",
|
||||
@ -482,6 +481,8 @@ error_reporting(E_ALL);
|
||||
"facebook\.com\/luan\.santo\.5437",
|
||||
"wtuds",
|
||||
"eval(atob",
|
||||
"PCT4BA6ODSE_",
|
||||
"@base64_decode\(\$",
|
||||
);
|
||||
|
||||
foreach ($tree as $finfo)
|
||||
|
||||
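Review bot: Two entries in the second hunk do not appear to match what they are meant to, assuming this list is compiled as regular expressions like the escaped entries around it. `"eval(atob"` leaves the parenthesis unescaped, which opens a group that never closes and makes the pattern fail to compile; it should read `"eval\(atob",`. In `"@base64_decode\(\$"` the double-quoted string turns `\$` into a bare `$`, so the regex gets an end-of-line anchor rather than a literal dollar sign; the single-quoted form `'@base64_decode\(\$',` keeps the backslash. The array starts outside the hunk and the matching code is not shown, so it is worth confirming there that a failed pattern compile is reported rather than silently treated as "no match".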