Simplify the previous commit

author: Julien (jvoisin) Voisin 2016-03-01 13:40:34 +0100
committer: Julien (jvoisin) Voisin 2016-03-01 13:40:34 +0100
commit: 3c19560adfe33f7fb8a6be5dc7f3a30158ae44fd (patch)
tree: b008fa6908e39c5363c111ff60562436af6e0e29
parent: 6fe1ff710b5e543384b2c78eeee35c999b444364 (diff)
2 files changed, 2 insertions, 2 deletions
diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara
index edb1ffb..9ba8ff2 100644
--- a/php-malware-finder/malwares.yara
+++ b/php-malware-finder/malwares.yara
@@ -188,7 +188,7 @@ rule DodgyStrings
 {
    strings:
        $ = ".bash_history"
-        $ = /AddType\s+application\/x-httpd-php\s+\.htaccess/
+        $ = /AddType\s+application\/x-httpd-php/
        $ = ".mysql_history"
        $ = ".ssh/authorized_keys"
        $ = "/(.*)/e"  // preg_replace code execution
diff --git a/php-malware-finder/tests.sh b/php-malware-finder/tests.sh
index fe9141a..895e202 100755
--- a/php-malware-finder/tests.sh
+++ b/php-malware-finder/tests.sh
@@ -73,7 +73,7 @@ run_test artificial/dodgy.php '0x18d:$shellshock: () { :;};'
 run_test artificial/dodgy.php '0x169:$pr: preg_replace ("/\*/e'
 run_test artificial/dodgy.php '0x1e0:$user_function: call_user_func'
 run_test artificial/dodgy.php '0x1fd:$various: <!--#exec cmd='
-run_test artificial/dodgy.php '0x214:$: AddType application/x-httpd-php .htaccess'
+run_test artificial/dodgy.php '0x214:$: AddType application/x-httpd-php'
 run_test artificial/bypasses.php 'DodgyPhp'
 run_test artificial/bypasses.php '0x6d:$execution: call_user_func_array($_POST'
author	Julien (jvoisin) Voisin	2016-03-01 13:40:34 +0100
committer	Julien (jvoisin) Voisin	2016-03-01 13:40:34 +0100
commit	3c19560adfe33f7fb8a6be5dc7f3a30158ae44fd (patch)
tree	b008fa6908e39c5363c111ff60562436af6e0e29
parent	6fe1ff710b5e543384b2c78eeee35c999b444364 (diff)

diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara index edb1ffb..9ba8ff2 100644 --- a/php-malware-finder/malwares.yara +++ b/php-malware-finder/malwares.yara
@@ -188,7 +188,7 @@ rule DodgyStrings
188	{	188	{
189	strings:	189	strings:
190	$ = ".bash_history"	190	$ = ".bash_history"
191	$ = /AddType\s+application\/x-httpd-php\s+\.htaccess/	191	$ = /AddType\s+application\/x-httpd-php/
192	$ = ".mysql_history"	192	$ = ".mysql_history"
193	$ = ".ssh/authorized_keys"	193	$ = ".ssh/authorized_keys"
194	$ = "/(.*)/e" // preg_replace code execution	194	$ = "/(.*)/e" // preg_replace code execution


diff --git a/php-malware-finder/tests.sh b/php-malware-finder/tests.sh index fe9141a..895e202 100755 --- a/php-malware-finder/tests.sh +++ b/php-malware-finder/tests.sh
@@ -73,7 +73,7 @@ run_test artificial/dodgy.php '0x18d:$shellshock: () { :;};'
73	run_test artificial/dodgy.php '0x169:$pr: preg_replace ("/\*/e'	73	run_test artificial/dodgy.php '0x169:$pr: preg_replace ("/\*/e'
74	run_test artificial/dodgy.php '0x1e0:$user_function: call_user_func'	74	run_test artificial/dodgy.php '0x1e0:$user_function: call_user_func'
75	run_test artificial/dodgy.php '0x1fd:$various: <!--#exec cmd='	75	run_test artificial/dodgy.php '0x1fd:$various: <!--#exec cmd='
76	run_test artificial/dodgy.php '0x214:$: AddType application/x-httpd-php .htaccess'	76	run_test artificial/dodgy.php '0x214:$: AddType application/x-httpd-php'
77		77
78	run_test artificial/bypasses.php 'DodgyPhp'	78	run_test artificial/bypasses.php 'DodgyPhp'
79	run_test artificial/bypasses.php '0x6d:$execution: call_user_func_array($_POST'	79	run_test artificial/bypasses.php '0x6d:$execution: call_user_func_array($_POST'