authorJulien Voisin2023-02-28 15:30:46 +0100
committerGitHub2023-02-28 15:30:46 +0100
commitaca14bfc3b2fa40a470a4f0fd8dcc1e0856f9c1c (patch)
tree03924e37b7e3006b9351e0acd9542502a0982a91 /data
parentb21d716cbb223442b574907bd55a38e955a030d1 (diff)
Add a simple rule
Diffstat (limited to 'data')
-rw-r--r--data/php.yar3
1 files changed, 2 insertions, 1 deletions
diff --git a/data/php.yar b/data/php.yar
index 4470e1b..1b120fc 100644
--- a/data/php.yar
+++ b/data/php.yar
@@ -100,6 +100,7 @@ rule DodgyPhp
100 $various = "<!--#exec cmd=" //http://www.w3.org/Jigsaw/Doc/User/SSI.html#exec 100 $various = "<!--#exec cmd=" //http://www.w3.org/Jigsaw/Doc/User/SSI.html#exec
101 $at_eval = /@eval\s*\(/ nocase 101 $at_eval = /@eval\s*\(/ nocase
102 $double_var = /\${\s*\${/ 102 $double_var = /\${\s*\${/
103 $username = /getenv(['"]username["'])/
103 $extract = /extract\s*\(\s*\$_(GET|POST|REQUEST|COOKIE|SERVER)/ 104 $extract = /extract\s*\(\s*\$_(GET|POST|REQUEST|COOKIE|SERVER)/
104 $reversed = /noitcnuf_etaerc|metsys|urhtssap|edulcni|etucexe_llehs/ nocase 105 $reversed = /noitcnuf_etaerc|metsys|urhtssap|edulcni|etucexe_llehs/ nocase
105 $silenced_include =/@\s*include\s*/ nocase 106 $silenced_include =/@\s*include\s*/ nocase
@@ -322,7 +323,7 @@ rule DodgyStrings
322 $ = "slowloris" fullword nocase 323 $ = "slowloris" fullword nocase
323 $ = "suhosin" fullword 324 $ = "suhosin" fullword
324 $ = "sun-tzu" fullword nocase // Because quotes from the Art of War is mandatory for any cool webshell. 325 $ = "sun-tzu" fullword nocase // Because quotes from the Art of War is mandatory for any cool webshell.
325 $ = /trojan (payload)?/ 326 $ = /trojan (payload)?/
326 $ = "uname -a" fullword 327 $ = "uname -a" fullword
327 $ = "visbot" nocase fullword 328 $ = "visbot" nocase fullword
328 $ = "warez" fullword nocase 329 $ = "warez" fullword nocase
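Review bot: The added `$username` pattern in the DodgyPhp hunk leaves its parentheses unescaped, so they act as a regex group instead of matching literal characters: as written it matches `getenv'username'` but never `getenv('username')` or `getenv("username")`. The neighbouring `$at_eval` and `$extract` strings escape theirs with `\(`, and the same is needed here, for example `$username = /getenv\s*\(\s*['"]username["']\s*\)/ nocase`. `nocase` is worth adding because PHP function names are case-insensitive, so `GETENV(...)` would otherwise go undetected. The rule's `condition:` section lies outside the hunk, so it cannot be confirmed from here that the new string is referenced there. A sample file for the test corpus containing the intended call would have caught the non-match.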