diff options
| -rw-r--r-- | php-malware-finder/malwares.yara | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara index 7e2acc0..8fe7b15 100644 --- a/php-malware-finder/malwares.yara +++ b/php-malware-finder/malwares.yara | |||
| @@ -105,7 +105,6 @@ rule DodgyPhp | |||
| 105 | $basedir_bypass = /curl_init\s*\(\s*["']file:\/\// | 105 | $basedir_bypass = /curl_init\s*\(\s*["']file:\/\// |
| 106 | $basedir_bypass2 = "file:file:///" // https://www.intelligentexploit.com/view-details.html?id=8719 | 106 | $basedir_bypass2 = "file:file:///" // https://www.intelligentexploit.com/view-details.html?id=8719 |
| 107 | $disable_magic_quotes = /set_magic_quotes_runtime\s*\(\s*0/ | 107 | $disable_magic_quotes = /set_magic_quotes_runtime\s*\(\s*0/ |
| 108 | $double_encoding = /(base64_decode\s*\(\s*){2}/ | ||
| 109 | $execution = /(eval|assert|passthru|exec|system|win_shell_execute|base64_decode)\s*\(\s*(base64_decode|php:\/\/input|str_rot13|gz(inflate|uncompress)|getenv|pack|\\?\$_(GET|REQUEST|POST|COOKIE))/ | 108 | $execution = /(eval|assert|passthru|exec|system|win_shell_execute|base64_decode)\s*\(\s*(base64_decode|php:\/\/input|str_rot13|gz(inflate|uncompress)|getenv|pack|\\?\$_(GET|REQUEST|POST|COOKIE))/ |
| 110 | $htaccess = "SetHandler application/x-httpd-php" | 109 | $htaccess = "SetHandler application/x-httpd-php" |
| 111 | $iis_com = /IIS:\/\/localhost\/w3svc/ | 110 | $iis_com = /IIS:\/\/localhost\/w3svc/ |