Closed jaygilmore closed 6 years ago
Well, the eval\/\*[a-z0-9]+\*\/, \\[Xx](5[Ff]) and ^.*<\?php.{1100,}\?>.*$ patterns are matching the example :) but I made a new pattern as you mentioned.
Oddly, that file was not caught when we ran the scanner. I'll check now that the code has been updated. Thanks so much. You rock 🤘🏻
We were using the following search pattern on our own before we found your tool:
grep -rlF -e '$GLOBALS;${"\x' www/
It does an excellent job of finding things like the following file: https://gist.github.com/jaygilmore/f8d8fab347b7a746ed7087bd992b214c (note the bad code is all on line 1. You can see it as viewed raw: https://gist.githubusercontent.com/jaygilmore/f8d8fab347b7a746ed7087bd992b214c/raw/95e72f5c30b564c6848a8d2d32545b84bbef5d91/globals-x.php)
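The three regexes and the fixed-string search quoted in this thread, run side by side over constructed samples to show which signature fires on what. This is an added example, not part of the thread or the scanner's own code; `scan_text`, `scan_samples`, the signature labels and the sample file names are assumptions made for illustration.

```python
import re

# Regexes quoted in the maintainer's comment, copied as written there.
REGEX_SIGNATURES = {
    "eval-comment": re.compile(r"eval\/\*[a-z0-9]+\*\/"),
    "hex-5f-escape": re.compile(r"\\[Xx](5[Ff])"),
    # '.' does not cross newlines, so this only fires when a whole
    # <?php ... ?> block of 1100+ characters sits on a single line.
    "long-php-line": re.compile(r"^.*<\?php.{1100,}\?>.*$", re.MULTILINE),
}
# Fixed string from the reporter's `grep -rlF` command (no regex semantics).
FIXED_MARKER = '$GLOBALS;${"\\x'


def scan_text(text):
    """Return the sorted names of every signature that fires on text."""
    hits = [name for name, rx in REGEX_SIGNATURES.items() if rx.search(text)]
    if FIXED_MARKER in text:
        hits.append("globals-hex-marker")
    return sorted(hits)


# Constructed, inert samples (not taken from the gist linked in the thread).
SAMPLES = {
    "globals_marker.php": r'<?php $GLOBALS;${"\x47\x4c\x4f\x42\x41\x4c\x53"}["k"] = 1; ?>',
    "eval_comment.php": "<?php eval/*ab12*/(''); ?>",
    "hex_escape.php": r'<?php $n = "a\x5Fb"; ?>',
    "one_long_line.php": '<?php $a = "' + "A" * 1200 + '"; ?>',
    "clean.php": "<?php\n" + "echo 'hello';\n" * 200 + "?>",
}


def scan_samples():
    """Scan every constructed sample and map file name -> signature hits."""
    return {name: scan_text(body) for name, body in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(f"{name}: {', '.join(hits) or 'no match'}")
```
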