Add a test for "AddType application/x-httpd-cgi"

author: jvoisin 2017-03-03 10:59:00 +0100
committer: jvoisin 2017-03-03 10:59:00 +0100
commit: a13e01e548d4870afa7c2572dfa35f3600b1b71e (patch)
tree: bd8f449dbf001155cc2ae652a45648f9b1284f40
parent: dfe0fa93925d08fbede127796f7d7793dc04485b (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/php-malware-finder/common.yar b/php-malware-finder/common.yar
index 184e5ce..82d1235 100644
--- a/php-malware-finder/common.yar
+++ b/php-malware-finder/common.yar
@@ -80,7 +80,7 @@ rule DodgyStrings
 {
    strings:
        $ = ".bash_history"
-        $ = /AddType\s+application\/x-httpd-php/ nocase
+        $ = /AddType\s+application\/x-httpd-(php|cgi)/ nocase
        $ = /php_value\s*auto_prepend_file/ nocase
        $ = /SecFilterEngine\s+Off/ nocase  // disable modsec
        $ = /Add(Handler|Type|OutputFilter)\s+[^\s]+\s+\.htaccess/ nocase
author	jvoisin	2017-03-03 10:59:00 +0100
committer	jvoisin	2017-03-03 10:59:00 +0100
commit	a13e01e548d4870afa7c2572dfa35f3600b1b71e (patch)
tree	bd8f449dbf001155cc2ae652a45648f9b1284f40
parent	dfe0fa93925d08fbede127796f7d7793dc04485b (diff)

diff --git a/php-malware-finder/common.yar b/php-malware-finder/common.yar index 184e5ce..82d1235 100644 --- a/php-malware-finder/common.yar +++ b/php-malware-finder/common.yar
@@ -80,7 +80,7 @@ rule DodgyStrings
80	{	80	{
81	strings:	81	strings:
82	$ = ".bash_history"	82	$ = ".bash_history"
83	$ = /AddType\s+application\/x-httpd-php/ nocase	83	$ = /AddType\s+application\/x-httpd-(php\|cgi)/ nocase
84	$ = /php_value\s*auto_prepend_file/ nocase	84	$ = /php_value\s*auto_prepend_file/ nocase
85	$ = /SecFilterEngine\s+Off/ nocase // disable modsec	85	$ = /SecFilterEngine\s+Off/ nocase // disable modsec
86	$ = /Add(Handler\|Type\|OutputFilter)\s+[^\s]+\s+\.htaccess/ nocase	86	$ = /Add(Handler\|Type\|OutputFilter)\s+[^\s]+\s+\.htaccess/ nocase