wordpress whitelist update

author: Julien "shaddai" Reveret 2016-08-26 16:57:13 +0200
committer: Julien "shaddai" Reveret 2016-08-26 16:57:13 +0200
commit: c58fff51d33f2067ec23a4b8bb4426f0f18150ee (patch)
tree: c4cf58d160772ff6ec7fc0f858bcc1091b3b59a4
parent: a1abe1716b90720ddbd368f37b24c1066a4c2c8e (diff)
1 files changed, 57 insertions, 1 deletions
diff --git a/php-malware-finder/whitelists/wordpress.yar b/php-malware-finder/whitelists/wordpress.yar
index 3583ce3..55044ef 100644
--- a/php-malware-finder/whitelists/wordpress.yar
+++ b/php-malware-finder/whitelists/wordpress.yar
@@ -364,17 +364,41 @@ private rule Wordpress : Blog
        hash.sha1(0, filesize) == "ccc4f836aafdf9d7323eb3b83902edac23e66250" or // wp-includes/load.php
        hash.sha1(0, filesize) == "8e82a4af96877e60d6e0c768171f19b36ac60196" or // wp-admin/includes/schema.php
        hash.sha1(0, filesize) == "4bfa19d7a879df5ee8cf3b22e4900661c0759fea" or // wp-admin/includes/class-ftp.php
+        hash.sha1(0, filesize) == "b7fd39d2ac1f13973569e5feff5e17b64e247a0e" or // wp-includes/post.php
+        hash.sha1(0, filesize) == "c605d1224cf4b24ad2457dd87885de9030e20731" or // wp-includes/SimplePie/File.php
+        hash.sha1(0, filesize) == "eca359bf91e9f7ad1539417bbe7dab5ebfe0bcf5" or // wp-includes/media.php
+        hash.sha1(0, filesize) == "8b5ce8366686fe524bcba135c4b6ffc03480769a" or // wp-admin/includes/ajax-actions.php
+        hash.sha1(0, filesize) == "8c5ba6d965dbdb2b3e16e59f72e5a0b6559994f1" or // wp-includes/comment.php
+        hash.sha1(0, filesize) == "2d344715841e1762e65f34a4c63f9d13f517b084" or // wp-admin/includes/upgrade.php
+        hash.sha1(0, filesize) == "879a7bd2948313764c701864fa065db5d20fbf2a" or // wp-includes/query.php
        /* Wordpress 4.4.1 */
        hash.sha1(0, filesize) == "bfbd2845d3c931b6db059d9e968aa8ba86e6a92c" or // wp-includes/class-IXR.php
        hash.sha1(0, filesize) == "b101b029420f3a93bf81c806be728863462f4898" or // wp-includes/functions.php
        hash.sha1(0, filesize) == "d07798ef2f94bf0d1d34287378013e67104d0f89" or // wp-includes/class-phpmailer.php
+        hash.sha1(0, filesize) == "64c328619d8ea6a21a04e55a500f4e05af718bf7" or // wp-includes/post.php
+        hash.sha1(0, filesize) == "fc8a9e33a671118a69d36352bcd1e66e0c55516a" or // wp-includes/media.php
+        hash.sha1(0, filesize) == "38217628cce1d6a52f17afc3ca6bf204e13fd26b" or // wp-includes/comment.php
+        hash.sha1(0, filesize) == "c312ae274a2b110de70fd767ccfcafc3231dcf31" or // wp-includes/query.php
+        hash.sha1(0, filesize) == "7db1719874b1415e54981c6f1ed698274abffd28" or // wp-includes/formatting.php
        /* Wordpress 4.4.2 */
        hash.sha1(0, filesize) == "0248f8986d459efe56f888258f3588b1ab3f5c3e" or // wp-includes/load.php
+        hash.sha1(0, filesize) == "6e99d2964ccc25e6c1cbec018acfd8e71d361b58" or // wp-includes/query.php
+        hash.sha1(0, filesize) == "4e63ff8623f0b0e5f0f016711d0fcd3fd4dad7fb" or // wp-includes/formatting.php
        /* Wordpress 4.4.3 */
        hash.sha1(0, filesize) == "d5b3eb3d5606a6deff3df44b21c1a0b72ea3db22" or // wp-admin/includes/template.php
+        hash.sha1(0, filesize) == "ef1193d1b4dbf9d8d7ff46f0c91da73fb8b26530" or // wp-admin/includes/ajax-actions.php
+        hash.sha1(0, filesize) == "ec6a2d6f19ba0020383097a0368e8905fbfd832f" or // wp-includes/query.php
+        hash.sha1(0, filesize) == "18596b04313c48a4d5f83e0f79adb393b9f9e682" or // wp-includes/formatting.php
+       /* Wordpress 4.4.4 */                                                   
+        hash.sha1(0, filesize) == "a8970bf00185e6f515dd5a461ad3ba97a409fbeb" or // wp-admin/includes/ajax-actions.php
+        hash.sha1(0, filesize) == "e4c1f5bfd8b4551d32b2b966bbc20a67c333e4b1" or // wp-includes/formatting.php
        /* Wordpress 4.5 */
        hash.sha1(0, filesize) == "d7b08235a591289efbb34dce747655e7bf3eb8a0" or // wp-includes/js/tinymce/tinymce.min.js
@@ -384,11 +408,43 @@ private rule Wordpress : Blog
        hash.sha1(0, filesize) == "e1e2beae1fd39713a557f3708712648b13a55594" or // wp-includes/load.php
        hash.sha1(0, filesize) == "559be10bef70c9a098eefc7d858ec568b803e34b" or // wp-admin/includes/schema.php
        hash.sha1(0, filesize) == "3f5c09257f346218dcbc424e68cb7f7536e9c415" or // wp-admin/includes/class-ftp.php
+        hash.sha1(0, filesize) == "f4581cc5d8d6f537f01929377186dd4276359b2d" or // wp-includes/post.php
+        hash.sha1(0, filesize) == "268f4606d2309a9f5996410cae17c7adafc84fd3" or // wp-includes/media.php
+        hash.sha1(0, filesize) == "7754fb3e64d575d78fb222eb1ee876a90104fbb1" or // wp-admin/includes/ajax-actions.php
+        hash.sha1(0, filesize) == "97a611917ce4c3f8e11f2e763d894a3e1e2bba45" or // wp-includes/comment.php
+        hash.sha1(0, filesize) == "6f241327941dcfc47bc9560e64840030fa33082d" or // wp-admin/includes/upgrade.php
+        hash.sha1(0, filesize) == "c6679fc46c084dac514238d5bee7c998470407e6" or // wp-includes/query.php
+        hash.sha1(0, filesize) == "02b7d1b238568bd1d5c27950187e014b66ad84fc" or // wp-includes/formatting.php
+        hash.sha1(0, filesize) == "333f00a13cc2930a62d2297cbd768cf1b998bd55" or // wp-includes/deprecated.php
        /* Wordpress 4.5.1 */
        hash.sha1(0, filesize) == "39ae0d6483c7e6dd5591f65291902d531a46d212" or // wp-includes/js/tinymce/tinymce.min.js
        hash.sha1(0, filesize) == "097037e0796d61d62497c7112067baab49efb7e3" or // wp-includes/functions.php
+        hash.sha1(0, filesize) == "55bb1de0036e3d648e77c0680f472bc59223103d" or // wp-admin/includes/ajax-actions.php
+        hash.sha1(0, filesize) == "640144656d09b8dbd02bb50b26b3731721e1b519" or // wp-includes/formatting.php
        /* Wordpress 4.5.3 */
-        hash.sha1(0, filesize) == "f3cc06e022008a67f5f29359ef886bd164d2b5b3"    // wp-includes/load.php
+        hash.sha1(0, filesize) == "f3cc06e022008a67f5f29359ef886bd164d2b5b3" or // wp-includes/load.php
+        hash.sha1(0, filesize) == "b8202b8801fbc236cb2baa52e95f845acdaddfe5" or // wp-admin/includes/ajax-actions.php
+        hash.sha1(0, filesize) == "90168c265f327bbf1fa0a03277559252535193b5" or // wp-admin/includes/upgrade.php
+        hash.sha1(0, filesize) == "bd4825cdd9770c2a56285f1a943405aac5d3f8b7" or // wp-includes/formatting.php
+        /* Wordpress 4.6 */
+        hash.sha1(0, filesize) == "01b00537f8ea6c0e7d567ce0cb85adafc0766293" or // wp-includes/post.php
+        hash.sha1(0, filesize) == "73971e6d086c60ee8706fe3672427baf36cbfc47" or // wp-includes/media.php
+        hash.sha1(0, filesize) == "40ecd46843d363a5b972b7fb58f5c7501f828bd3" or // wp-admin/includes/ajax-actions.php
+        hash.sha1(0, filesize) == "620448d18321742dd574d3cc90b284d898d2c881" or // wp-includes/comment.php
+        hash.sha1(0, filesize) == "98cf7396f0e2fe49f20363ae524d4bacbf1e6b7a" or // wp-includes/js/tinymce/tinymce.min.js
+        hash.sha1(0, filesize) == "6e1c4904233c9e7cccabef93130cae63515d121f" or // wp-admin/includes/upgrade.php
+        hash.sha1(0, filesize) == "dab050dcb7b3e879aefb6512711890e36235f60b" or // wp-includes/deprecated.php
+        hash.sha1(0, filesize) == "a59a22eaf8fe475582932ded5d78941abb987f63" or // wp-includes/class-IXR.php
+        hash.sha1(0, filesize) == "4d9ac49f01d52386b2a1008a89665f8d009b48f3" or // wp-admin/includes/template.php
+        hash.sha1(0, filesize) == "1d045097928a420aa2b0bdded2858e06103eff12" or // wp-includes/query.php
+        hash.sha1(0, filesize) == "3c872daa02b246f059db6f2ccf4861bf2c0fc71e" or // wp-includes/functions.php
+        hash.sha1(0, filesize) == "4d14f4a0e6dee443781f8a4d0dcc179f05cb7508" or // wp-includes/formatting.php
+        hash.sha1(0, filesize) == "dfe0e8b745d516ee953c36a91f5e381868d1d9ee" or // wp-includes/load.php
+        hash.sha1(0, filesize) == "42f94321c15d9d03ef6b108beebabf20a5e36f9e" or // wp-admin/includes/schema.php
+        hash.sha1(0, filesize) == "ed16b47ec6fbe3786d62fa0648a87ab225a5b498"    // wp-admin/includes/class-pclzip.php
 }
author	Julien "shaddai" Reveret	2016-08-26 16:57:13 +0200
committer	Julien "shaddai" Reveret	2016-08-26 16:57:13 +0200
commit	c58fff51d33f2067ec23a4b8bb4426f0f18150ee (patch)
tree	c4cf58d160772ff6ec7fc0f858bcc1091b3b59a4
parent	a1abe1716b90720ddbd368f37b24c1066a4c2c8e (diff)

diff --git a/php-malware-finder/whitelists/wordpress.yar b/php-malware-finder/whitelists/wordpress.yar index 3583ce3..55044ef 100644 --- a/php-malware-finder/whitelists/wordpress.yar +++ b/php-malware-finder/whitelists/wordpress.yar
@@ -364,17 +364,41 @@ private rule Wordpress : Blog
364	hash.sha1(0, filesize) == "ccc4f836aafdf9d7323eb3b83902edac23e66250" or // wp-includes/load.php	364	hash.sha1(0, filesize) == "ccc4f836aafdf9d7323eb3b83902edac23e66250" or // wp-includes/load.php
365	hash.sha1(0, filesize) == "8e82a4af96877e60d6e0c768171f19b36ac60196" or // wp-admin/includes/schema.php	365	hash.sha1(0, filesize) == "8e82a4af96877e60d6e0c768171f19b36ac60196" or // wp-admin/includes/schema.php
366	hash.sha1(0, filesize) == "4bfa19d7a879df5ee8cf3b22e4900661c0759fea" or // wp-admin/includes/class-ftp.php	366	hash.sha1(0, filesize) == "4bfa19d7a879df5ee8cf3b22e4900661c0759fea" or // wp-admin/includes/class-ftp.php
		367	hash.sha1(0, filesize) == "b7fd39d2ac1f13973569e5feff5e17b64e247a0e" or // wp-includes/post.php
		368	hash.sha1(0, filesize) == "c605d1224cf4b24ad2457dd87885de9030e20731" or // wp-includes/SimplePie/File.php
		369	hash.sha1(0, filesize) == "eca359bf91e9f7ad1539417bbe7dab5ebfe0bcf5" or // wp-includes/media.php
		370	hash.sha1(0, filesize) == "8b5ce8366686fe524bcba135c4b6ffc03480769a" or // wp-admin/includes/ajax-actions.php
		371	hash.sha1(0, filesize) == "8c5ba6d965dbdb2b3e16e59f72e5a0b6559994f1" or // wp-includes/comment.php
		372	hash.sha1(0, filesize) == "2d344715841e1762e65f34a4c63f9d13f517b084" or // wp-admin/includes/upgrade.php
		373	hash.sha1(0, filesize) == "879a7bd2948313764c701864fa065db5d20fbf2a" or // wp-includes/query.php
		374
367		375
368	/* Wordpress 4.4.1 */	376	/* Wordpress 4.4.1 */
369	hash.sha1(0, filesize) == "bfbd2845d3c931b6db059d9e968aa8ba86e6a92c" or // wp-includes/class-IXR.php	377	hash.sha1(0, filesize) == "bfbd2845d3c931b6db059d9e968aa8ba86e6a92c" or // wp-includes/class-IXR.php
370	hash.sha1(0, filesize) == "b101b029420f3a93bf81c806be728863462f4898" or // wp-includes/functions.php	378	hash.sha1(0, filesize) == "b101b029420f3a93bf81c806be728863462f4898" or // wp-includes/functions.php
371	hash.sha1(0, filesize) == "d07798ef2f94bf0d1d34287378013e67104d0f89" or // wp-includes/class-phpmailer.php	379	hash.sha1(0, filesize) == "d07798ef2f94bf0d1d34287378013e67104d0f89" or // wp-includes/class-phpmailer.php
		380	hash.sha1(0, filesize) == "64c328619d8ea6a21a04e55a500f4e05af718bf7" or // wp-includes/post.php
		381	hash.sha1(0, filesize) == "fc8a9e33a671118a69d36352bcd1e66e0c55516a" or // wp-includes/media.php
		382	hash.sha1(0, filesize) == "38217628cce1d6a52f17afc3ca6bf204e13fd26b" or // wp-includes/comment.php
		383	hash.sha1(0, filesize) == "c312ae274a2b110de70fd767ccfcafc3231dcf31" or // wp-includes/query.php
		384	hash.sha1(0, filesize) == "7db1719874b1415e54981c6f1ed698274abffd28" or // wp-includes/formatting.php
372		385
373	/* Wordpress 4.4.2 */	386	/* Wordpress 4.4.2 */
374	hash.sha1(0, filesize) == "0248f8986d459efe56f888258f3588b1ab3f5c3e" or // wp-includes/load.php	387	hash.sha1(0, filesize) == "0248f8986d459efe56f888258f3588b1ab3f5c3e" or // wp-includes/load.php
		388	hash.sha1(0, filesize) == "6e99d2964ccc25e6c1cbec018acfd8e71d361b58" or // wp-includes/query.php
		389	hash.sha1(0, filesize) == "4e63ff8623f0b0e5f0f016711d0fcd3fd4dad7fb" or // wp-includes/formatting.php
		390
375		391
376	/* Wordpress 4.4.3 */	392	/* Wordpress 4.4.3 */
377	hash.sha1(0, filesize) == "d5b3eb3d5606a6deff3df44b21c1a0b72ea3db22" or // wp-admin/includes/template.php	393	hash.sha1(0, filesize) == "d5b3eb3d5606a6deff3df44b21c1a0b72ea3db22" or // wp-admin/includes/template.php
		394	hash.sha1(0, filesize) == "ef1193d1b4dbf9d8d7ff46f0c91da73fb8b26530" or // wp-admin/includes/ajax-actions.php
		395	hash.sha1(0, filesize) == "ec6a2d6f19ba0020383097a0368e8905fbfd832f" or // wp-includes/query.php
		396	hash.sha1(0, filesize) == "18596b04313c48a4d5f83e0f79adb393b9f9e682" or // wp-includes/formatting.php
		397
		398	/* Wordpress 4.4.4 */
		399	hash.sha1(0, filesize) == "a8970bf00185e6f515dd5a461ad3ba97a409fbeb" or // wp-admin/includes/ajax-actions.php
		400	hash.sha1(0, filesize) == "e4c1f5bfd8b4551d32b2b966bbc20a67c333e4b1" or // wp-includes/formatting.php
		401
378		402
379	/* Wordpress 4.5 */	403	/* Wordpress 4.5 */
380	hash.sha1(0, filesize) == "d7b08235a591289efbb34dce747655e7bf3eb8a0" or // wp-includes/js/tinymce/tinymce.min.js	404	hash.sha1(0, filesize) == "d7b08235a591289efbb34dce747655e7bf3eb8a0" or // wp-includes/js/tinymce/tinymce.min.js
@@ -384,11 +408,43 @@ private rule Wordpress : Blog
384	hash.sha1(0, filesize) == "e1e2beae1fd39713a557f3708712648b13a55594" or // wp-includes/load.php	408	hash.sha1(0, filesize) == "e1e2beae1fd39713a557f3708712648b13a55594" or // wp-includes/load.php
385	hash.sha1(0, filesize) == "559be10bef70c9a098eefc7d858ec568b803e34b" or // wp-admin/includes/schema.php	409	hash.sha1(0, filesize) == "559be10bef70c9a098eefc7d858ec568b803e34b" or // wp-admin/includes/schema.php
386	hash.sha1(0, filesize) == "3f5c09257f346218dcbc424e68cb7f7536e9c415" or // wp-admin/includes/class-ftp.php	410	hash.sha1(0, filesize) == "3f5c09257f346218dcbc424e68cb7f7536e9c415" or // wp-admin/includes/class-ftp.php
		411	hash.sha1(0, filesize) == "f4581cc5d8d6f537f01929377186dd4276359b2d" or // wp-includes/post.php
		412	hash.sha1(0, filesize) == "268f4606d2309a9f5996410cae17c7adafc84fd3" or // wp-includes/media.php
		413	hash.sha1(0, filesize) == "7754fb3e64d575d78fb222eb1ee876a90104fbb1" or // wp-admin/includes/ajax-actions.php
		414	hash.sha1(0, filesize) == "97a611917ce4c3f8e11f2e763d894a3e1e2bba45" or // wp-includes/comment.php
		415	hash.sha1(0, filesize) == "6f241327941dcfc47bc9560e64840030fa33082d" or // wp-admin/includes/upgrade.php
		416	hash.sha1(0, filesize) == "c6679fc46c084dac514238d5bee7c998470407e6" or // wp-includes/query.php
		417	hash.sha1(0, filesize) == "02b7d1b238568bd1d5c27950187e014b66ad84fc" or // wp-includes/formatting.php
		418	hash.sha1(0, filesize) == "333f00a13cc2930a62d2297cbd768cf1b998bd55" or // wp-includes/deprecated.php
		419
387		420
388	/* Wordpress 4.5.1 */	421	/* Wordpress 4.5.1 */
389	hash.sha1(0, filesize) == "39ae0d6483c7e6dd5591f65291902d531a46d212" or // wp-includes/js/tinymce/tinymce.min.js	422	hash.sha1(0, filesize) == "39ae0d6483c7e6dd5591f65291902d531a46d212" or // wp-includes/js/tinymce/tinymce.min.js
390	hash.sha1(0, filesize) == "097037e0796d61d62497c7112067baab49efb7e3" or // wp-includes/functions.php	423	hash.sha1(0, filesize) == "097037e0796d61d62497c7112067baab49efb7e3" or // wp-includes/functions.php
		424	hash.sha1(0, filesize) == "55bb1de0036e3d648e77c0680f472bc59223103d" or // wp-admin/includes/ajax-actions.php
		425	hash.sha1(0, filesize) == "640144656d09b8dbd02bb50b26b3731721e1b519" or // wp-includes/formatting.php
391		426
392	/* Wordpress 4.5.3 */	427	/* Wordpress 4.5.3 */
393	hash.sha1(0, filesize) == "f3cc06e022008a67f5f29359ef886bd164d2b5b3" // wp-includes/load.php	428	hash.sha1(0, filesize) == "f3cc06e022008a67f5f29359ef886bd164d2b5b3" or // wp-includes/load.php
		429	hash.sha1(0, filesize) == "b8202b8801fbc236cb2baa52e95f845acdaddfe5" or // wp-admin/includes/ajax-actions.php
		430	hash.sha1(0, filesize) == "90168c265f327bbf1fa0a03277559252535193b5" or // wp-admin/includes/upgrade.php
		431	hash.sha1(0, filesize) == "bd4825cdd9770c2a56285f1a943405aac5d3f8b7" or // wp-includes/formatting.php
		432
		433	/* Wordpress 4.6 */
		434	hash.sha1(0, filesize) == "01b00537f8ea6c0e7d567ce0cb85adafc0766293" or // wp-includes/post.php
		435	hash.sha1(0, filesize) == "73971e6d086c60ee8706fe3672427baf36cbfc47" or // wp-includes/media.php
		436	hash.sha1(0, filesize) == "40ecd46843d363a5b972b7fb58f5c7501f828bd3" or // wp-admin/includes/ajax-actions.php
		437	hash.sha1(0, filesize) == "620448d18321742dd574d3cc90b284d898d2c881" or // wp-includes/comment.php
		438	hash.sha1(0, filesize) == "98cf7396f0e2fe49f20363ae524d4bacbf1e6b7a" or // wp-includes/js/tinymce/tinymce.min.js
		439	hash.sha1(0, filesize) == "6e1c4904233c9e7cccabef93130cae63515d121f" or // wp-admin/includes/upgrade.php
		440	hash.sha1(0, filesize) == "dab050dcb7b3e879aefb6512711890e36235f60b" or // wp-includes/deprecated.php
		441	hash.sha1(0, filesize) == "a59a22eaf8fe475582932ded5d78941abb987f63" or // wp-includes/class-IXR.php
		442	hash.sha1(0, filesize) == "4d9ac49f01d52386b2a1008a89665f8d009b48f3" or // wp-admin/includes/template.php
		443	hash.sha1(0, filesize) == "1d045097928a420aa2b0bdded2858e06103eff12" or // wp-includes/query.php
		444	hash.sha1(0, filesize) == "3c872daa02b246f059db6f2ccf4861bf2c0fc71e" or // wp-includes/functions.php
		445	hash.sha1(0, filesize) == "4d14f4a0e6dee443781f8a4d0dcc179f05cb7508" or // wp-includes/formatting.php
		446	hash.sha1(0, filesize) == "dfe0e8b745d516ee953c36a91f5e381868d1d9ee" or // wp-includes/load.php
		447	hash.sha1(0, filesize) == "42f94321c15d9d03ef6b108beebabf20a5e36f9e" or // wp-admin/includes/schema.php
		448	hash.sha1(0, filesize) == "ed16b47ec6fbe3786d62fa0648a87ab225a5b498" // wp-admin/includes/class-pclzip.php
		449
394	}	450	}