forked from wireghoul/graudit
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdefault.db
32 lines (32 loc) · 1.26 KB
/
default.db
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
asm[[:space:]]+['"]['"]['"]
unsafeAddr([[:space:]]+|[[:space:]]*\()
addr[[:space:]]*\(
# Execution
exec[[:space:]]*\([^;]*\$[\(\{]?[_a-zA-Z0-9][^\)]*\)[[:space:]]*[\);]
passthru[[:space:]]*\(.*\)
popen[[:space:]]*\(.*\$.*\)
shell_exec[[:space:]]*\(.*\$.*\)
system[[:space:]]*\([^;]*\$[^\)]+\)
#deprecate this `[^`]*\$[^`]+`
`[^`]*\$[\(\{]?[_a-zA-Z0-9][^`]*`
#Otherstuffs
#XSS signature needs to stop matching before LF when color=on #bug(1)
echo.*\$_.*\[.*\]
eval[[:space:]]*\(.*\$.*\)
#SQLi signature needs to stop matching before LF when color=on #bug(1)
(mysql.?_|pg_|sqlsrv_|::)query[[:space:]]*\(.*\$.*\)
[Ww][Hh][Ee][Rr][Ee][[:space:]]+.*=.*\$[^; ]+
([Ww][Hh][Ee][Rr][Ee]|[Aa][Nn][Dd]|[Oo][Rr])[[:space:]]+.*[[:space:]]+[Ll][Ii][Kk][Ee][[:space:]]+.*\$
(include|include_once|require|require_once)[[:space:]]*\([^\;\}\{]*\$.*\)
print.*param[[:space:]]*\(.*\);
extract[[:space:]]*\(\$_(GET|POST|REQUEST|COOKIE|SERVER)
\.cookie[[:space:]]*\(.*\.(query|param)
\.location\.hash\.slice[[:space:]]*\(
.innerHTML[[:space:]]*=.*\.(location\.hash|query|param)
require\(['"]adm-zip['"]\)
\.createWriteStream[[:space:]]*\(
\.runIn(New|This)?Context[[:space:]]*\(
\.compileFunction[[:space:]]*\(
\._compile[[:space:]]*\(
eval[[:space:]]*\([^\'\"\)]+\)
eval[[:space:]]*\([[:space:]]*\`.*\$\{[^\}]+\}