forked from wireghoul/graudit
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfruit.db
126 lines (126 loc) · 7.63 KB
/
fruit.db
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
intent\.setData[[:space:]]*\([[:space:]]*Uri\.parse[[:space:]]*\([^\]*\)
setIntent[[:space:]]*\([^\,]+\,[ _a-zA-Z0-9\.\(\)]+\.getIntent[[:space:]]*\(\)
\.rawQuery[[:space:]]*\([^\"\']+\)
\.rawQuery[[:space:]]*\(.*[\"\'][[:space:]]*\+[[:space:]]*[^\"\']+
printf[[:space:]]*\([[:space:]]*[^\,\'\"]+[[:space:]]*\)[[:space:]]*\;
sprintf[[:space:]]*\([^\,]+,[^\,]+\%s
.?scanf[[:space:]]*\([^\,]+\%s[^\,]+\,[^\,]+\)\;
strnc(py|at)[[:space:]]*\([^\,]+\,[[:space:]]*[^\,]+\,[[:space:]]*sizeof\(
memcpy[[:space:]]*\([^\,]+\,[^\,]+\,[[:space:]]*sizeof\(
[[:space:]]gets[[:space:]]*\(
^[[:space:]]*gets[[:space:]]*\(
exec(ve|l|lp|le|v)[[:space:]]*\(
system[[:space:]]*\(.+\)\;
malloc[[:space:]]*\(.*strlen[[:space:]]*\(
(strn?c(at|py)|memcpy|sn?printf|scanf)[[:space:]]*\(.*(arg|getenv)
strnc(at|py)[[:space:]]*\([^,]+,[^,]+,[[:space:]]*strlen[[:space:]]*\([^\)]+\)[[:space:]]*\)
<%=[[:space:]]*[Rr]equest\.[Qq]uery[Ss]tring\[.*%>
#[Ss][Ee][Ll][Ee][Cc][Tt][[:space:]]+.*\{[0-9]+\}
[Ss][Ee][Ll][Ee][Cc][Tt][[:space:]]+.*[\'\"][[:space:]]*\+[[:space:]]*[Rr]equest\..*
(WHERE|where)[[:space:]]+.*=.*[\'\"][[:space:]]*\+[[:space:]]*[Rr]equest\..*
[\'\" ]+AND[[:space:]]+.*=.*\+[[:space:]]*[Rr]equest\..*
(LIKE|like)[[:space:]]+[^\;]+\+[[:space:]]*[Rr]equest\..*
(ORDER[[:space:]]+BY|order[[:space:]]+by)[[:space:]]+.*\+[[:space:]]*[Rr]equest
(LIMIT|limit)[[:space:]]+([0-9]+,[[:space:]]*[Rr]equest\..*|[Rr]request\..*)
Process.Start[[:space:]]*\(.*\+
\.Arguments[[:space:]]*=(.*[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+|.*[^\'\"]+[[:space:]]*\+[[:space:]]*[\'\"])
\.SelectNodes[[:space:]]*\(.*[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
ReadAllBytes[[:space:]]*\(.*[Rr]equest
\.WriteString\(.*URL\.Query\(\).*\)
\.Write\(.*URL.Query\(\).*\)
\.Println\(.*URL.Query\(\).*\)
\.Raw\(.*URL.Query\(\).*\)
\.Query\(.*URL.Query\(\).*\)
\.QueryContext\(.*URL.Query\(\).*\)
\.QueryRow\(.*URL.Query\(\).*\)
\.QueryRowContext\(.*URL.Query\(\).*\)
\.Exec\(.*URL.Query\(\).*\)
\.ExecContext\(.*URL.Query\(\).*\)
\.Open\(.*URL.Query\(\).*\)
response.sendRedirect[[:space:]]*\(.*([Rr]eq(uest)?|\.[Gg]et[Pp]aram).*\)
out\.print(ln)?.*([Rr]eq(uest)?|\.[Gg]et[Pp]aram)
<%=([Rr]equest|\.[Gg]et[Pp]aram)
\.exec[[:space:]]*\([^\)\;]+[\'\"][[:space:]]*\+.*
(execute|create|new)Query[[:space:]]*\(.*[\"\'][[:space:]]*\+[[:space:]]*[^\"\']+
queryforObject[[:space:]]*\(.*[\"\'][[:space:]]*\+[[:space:]]*[^\"\']+
eval[[:space:]]*\([^\)\;]*([Rr]eq(uest)?|\.[Gg]et[Pp]aram).*\)
\.getDocument[[:space:]]*\([^\)\;]+([Rr]eq(uest)?|\.g[Gg]et[Pp]aram).*\)
(WHERE|where)[[:space:]]+.*=[[:space:]]*[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']+
[\'\" ]+AND[[:space:]]+.*=[[:space:]]*[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']
(LIKE|like)[[:space:]]+[\'\"A-Za-z0-9%]+[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']
(ORDER[[:space:]]+BY|order[[:space:]]+by)[[:space:]]+.*[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']
(LIMIT|limit)[[:space:]]+([0-9,]+)?[;:space:]]*[\'\"][\'\"]?[[:space:]]*\+[[:space:]]*[^\"\']
\.query\(.*[\'\"][[:space:]]*\+.*
eval[[:space:]]*\([^\)\;]+[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
<%-[[:space:]]+.*%>
\.(spawn|exec)(File)?(Sync)?\([^\)]+([\'\"] *\+|\$\{)
asm[[:space:]]+[\'\"].*
unsafeAddr
execShellCmd[[:space:]]*\(
# Perl-fruit signatures
exec[[:space:]]*\(?.*\$ARGV.*\)?
exec[[:space:]]*\(?.*\$.*->param[[:space:]]*\(.*\).*\)?
system[[:space:]]*\(?.*\$ARGV.*\)?
system[[:space:]]*\(?.*\$.*->param[[:space:]]*\(.*\).*\)?
`.*\$ARGV.*`
`.*\$.*->param[[:space:]]*\(.*\).*`
eval[[:space:]]*\(?.*\$ARGV.*\)?
eval[[:space:]]*\(?.*\$.*->param[[:space:]]*\(.*\).*\)?
use[[:space:]]+.*\$ARGV.*
use[[:space:]]+.*\$.*->param[[:space:]]*\(.*\).*
(WHERE|where)[[:space:]]+.*=.*\$.*->param[[:space:]]*\(.*\)
(LIKE|like)[[:space:]]+.*\$.*->param[[:space:]]*\(.*\)
(ORDER BY|order by)[[:space:]]+.*\$.*->param[[:space:]]*\(.*\)
(LIMIT|limit)[[:space:]]+.*\$.*->param[[:space:]]*\(.*\)
escapeshellcmd[[:space:]]*\([^\)]*escapeshellarg[[:space:]]*\(.*
escapeshellarg[[:space:]]*\([^\)]*escapeshellcmd[[:space:]]*\(.*
[\'\"][[:space:]]*\.[[:space:]]*escapeshellcmd[[:space:]]*\(
echo[[:space:]]+.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*
print[[:space:]]+.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*
print_r([[:space:]]+|[[:space:]]*\().*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*
\<\?\=\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http)
\<\%\=\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http)
exec[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
system[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
popen[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
proc_open[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
pcntl_exec[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
shell_exec[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
passthru[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
`[^`]*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http)[^`]*`
eval[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
header[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
include[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
include_once[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
require[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
require_once[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
fopen[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
readfile[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
file_get_contents[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
(is_dir|file_exists|unlink)[[:space:]]*\(\"?\$(_ENV|_GET|_POST|_COOKE|_REQUEST|_SERVER|HTTP|http).*\)
show_source[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
preg_replace[[:space:]]*\([\'"](.).*\1[igsu]*e
highlight_file[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
file[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
unserialize[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
mysql_query[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
mysqli_query[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
mssql_query[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
oci_parse[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
pg_query[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
\->query[[:space:]]*\(.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http).*\)
\->query[[:space:]]*\(.*['"][[:space:]]*\.[[:space:]]*\$.*
(WHERE|where)[[:space:]]+.*=.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http)[^; ]+
(LIKE|like)[[:space:]]+.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http)
(ORDER[[:space:]]+BY|order[[:space:]]+by)[[:space:]]+.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http)
(LIMIT|limit)[[:space:]]+.*\$(_ENV|_GET|_POST|_COOKIE|_REQUEST|_SERVER|HTTP|http)
\.execute[[:space:]]*\([\"\'].*%.*[\"\'][[:space:]]*%.*\)
Source\.fromFile[[:space:]]*\([^\)\;]+[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
sql\".*\#\$.*\"\.as\[.*
SQL[[:space:]]*\([^\)\;]+[\'\"][[:space:]]*\+[[:space:]]*[^\'\"]+
(WHERE|where)[[:space:]]+[^;]+(=|[Ii][[Nn][[:space:]]+).*\$\{
[\'\" ]+AND[[:space:]]+.*=[[:space:]]?\$\{[^\}]+\}
(LIKE|like)[[:space:]]+(['"][^\'\"]*)?\$\{[^\}]+\}
(ORDER[[:space:]]+BY|order[[:space:]]+by)[[:space:]]+.*\$\{[^\}]+\}
(LIMIT|limit)[[:space:]]+([0-9 ]+,? ?)?\$\{[^\}]+\}
(spawn|execFile|\.exec)(Sync)?[[:space:]]\(.*(\$\{[^\}]+\}|\.query|\.param)