View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0003760 | Composr | health_check | public | 2019-01-20 17:18 | 2019-06-15 02:22 |
Reporter | Chris Graham | Assigned To | Chris Graham | ||
Severity | Feature-request | ||||
Status | resolved | Resolution | fixed | ||
Product Version | |||||
Fixed in Version | |||||
Summary | 0003760: Scanning for web shells | ||||
Description | Add a security checker to scan for web shells in the webroot or base directory. | ||||
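Additional Information | Here's some code that works well (based on an analysis of real web shells)... | ||||

```php
// Scan the .php files directly inside $dir (non-recursive) and split them
// into likely web shells ('positives') and everything else ('negatives').
function scan_for_webshells($dir)
{
    $positives = array();
    $negatives = array();

    $dh = opendir($dir);
    if ($dh === false) {
        // Directory missing or unreadable: nothing to report
        return array('positives' => $positives, 'negatives' => $negatives);
    }
    while (($f = readdir($dh)) !== false) {
        // Only regular files ending in .php (a directory named x.php is skipped)
        if (strtolower(substr($f, -4)) == '.php' && is_file($dir . '/' . $f)) {
            if (is_likely_webshell(file_get_contents($dir . '/' . $f))) {
                $positives[] = $f;
            } else {
                $negatives[] = $f;
            }
        }
    }
    closedir($dh);

    return array('positives' => $positives, 'negatives' => $negatives);
}

// True if the file contents $c match any one of the trigger patterns.
function is_likely_webshell($c)
{
    $triggers = array(
        // Command execution and dynamic code evaluation
        '[^\w]system\(',
        '[^\w]exec\(',
        '[^\w]shell_exec\(',
        '[^\w]passthru\(',
        '[^\w]popen\(',
        '[^\w]proc_open\(',
        '[^\w]eval\(',
        // File upload handling
        '[^\w]move_uploaded_file\(',
        // Variable function call, e.g. $f(...)
        '\$\w+\(',
        '\$_FILES',
        '/etc/passwd',
        // Remote file inclusion
        '(require|include)(_once)?\([\'"]https?://',
    );
    foreach ($triggers as $trigger) {
        if (preg_match('#' . $trigger . '#i', $c) != 0) {
            return true;
        }
    }
    return false;
}
```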
Tags | Type: Security | ||||
Time estimation (hours) | 1 | ||||
Sponsorship open | |||||
Date Modified | Username | Field | Change |
---|---|---|---|
2019-01-20 17:18 | Chris Graham | New Issue | |
2019-01-20 17:26 | Chris Graham | Tag Attached: Type: Security | |
2019-06-15 02:22 | Chris Graham | Assigned To | => Chris Graham |
2019-06-15 02:22 | Chris Graham | Status | non-assigned => resolved |
2019-06-15 02:22 | Chris Graham | Resolution | open => fixed |
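
The functions posted in the issue give only a yes/no answer per file. The following is an added example, not Composr's code and not the reporter's: it reuses the issue's trigger list but reports which pattern matched on which line, so a positive can be triaged. The helper names `webshell_trigger_hits` and `report_webshell_hits` and the sample files are hypothetical.

```php
<?php
// Added example, not Composr code. Trigger patterns are the ones posted in this issue.
const WEBSHELL_TRIGGERS = array(
    '[^\w]system\(', '[^\w]exec\(', '[^\w]shell_exec\(', '[^\w]passthru\(',
    '[^\w]popen\(', '[^\w]proc_open\(', '[^\w]eval\(', '[^\w]move_uploaded_file\(',
    '\$\w+\(', '\$_FILES', '/etc/passwd', '(require|include)(_once)?\([\'"]https?://',
);

// Hypothetical helper: every trigger match in $code, as line number plus pattern.
function webshell_trigger_hits($code)
{
    $hits = array();
    foreach (WEBSHELL_TRIGGERS as $trigger) {
        preg_match_all('#' . $trigger . '#i', $code, $m, PREG_OFFSET_CAPTURE);
        foreach ($m[0] as $match) {
            // Count newlines up to the END of the match: the leading [^\w] can be the newline itself.
            $end = $match[1] + strlen($match[0]);
            $hits[] = array('line' => substr_count($code, "\n", 0, $end) + 1, 'trigger' => $trigger);
        }
    }
    return $hits;
}

// Hypothetical helper: scan one directory, non-recursively like the posted code.
function report_webshell_hits($dir)
{
    $report = array();
    foreach (scandir($dir) ?: array() as $f) {
        $path = $dir . '/' . $f;
        if (!is_file($path) || strtolower(substr($f, -4)) !== '.php') {
            continue;
        }
        $code = @file_get_contents($path);
        $hits = ($code === false)
            ? array(array('line' => 0, 'trigger' => 'unreadable file'))
            : webshell_trigger_hits($code);
        if ($hits) { $report[$f] = $hits; }
    }
    return $report;
}

// Constructed sample input: one clean file, one that trips three triggers.
$dir = sys_get_temp_dir() . '/ws_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/index.php', "<?php\necho 'hello';\n");
file_put_contents($dir . '/upload.php', "<?php\n\$cb = 'strtoupper';\necho \$cb('x');\nmove_uploaded_file(\$_FILES['f']['tmp_name'], 'x');\n");
foreach (report_webshell_hits($dir) as $file => $hits) {
    foreach ($hits as $h) { echo "$file:{$h['line']} matches {$h['trigger']}\n"; }
}
array_map('unlink', glob($dir . '/*')); rmdir($dir); // remove the constructed files
```

The `strtoupper` callback in the constructed file trips `\$\w+\(` even though it is harmless, which is the kind of false positive the per-line output makes quick to dismiss.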