Skip to content
This repository has been archived by the owner on Nov 28, 2023. It is now read-only.

Commit

Permalink
improves rules
Browse files Browse the repository at this point in the history
  • Loading branch information
@FeeiCN
FeeiCN committed Oct 26, 2017
1 parent 41af2e4 commit 1ef87ea
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion rules/CVI-360031.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
<cobra document="https://github.com/wufeifei/cobra">
<name value="webshell31"/>
<language value="php"/>
<match mode="regex-only-match"><![CDATA[ini_get\s*\(\s*\"disable_functions\"\s*\)|\d\s*=>\s*array\s*\(\s*['\"]\s*pipe\s*['\"]|gzuncompress\(base64_decode\(|crypt\(\$_SERVER\['HTTP_H0ST'\],\d+\)==|if\(file_exists\(\$settings\['STOPFILE'\]\)\)]]></match>
<match mode="regex-only-match"><![CDATA[ini_get\s*\(\s*\"disable_functions\"\s*\)|gzuncompress\(base64_decode\(|crypt\(\$_SERVER\['HTTP_H0ST'\],\d+\)==|if\(file_exists\(\$settings\['STOPFILE'\]\)\)]]></match>
<level value="7"/>
<test>
<case assert="true"><![CDATA[
Expand All @@ -14,6 +14,13 @@
return $NXlKO;
}
]]></case>
<case assert="false"><![CDATA[
$descriptorspec = array(
0 => array("pipe", "r"), // stdin
1 => array("pipe", "w"), // stdout
2 => array("pipe", "w") // stderr
)
]]></case>
</test>
<solution>
## 安全风险
Expand Down

0 comments on commit 1ef87ea

Please sign in to comment.