Version Description
Download this release
Release Info
| Developer | tott |
| Plugin |  Exploit Scanner |
| Version | 0.8 |
| Comparing to | |
| See all releases | |
Code changes from version 0.7 to 0.8
- exploit-scanner.php +74 -68
- readme.txt +3 -2
exploit-scanner.php
CHANGED
|
@@ -3,7 +3,7 @@
|
|
| 3 |
Plugin Name: WordPress Exploit Scanner
|
| 4 |
Plugin URI: http://ocaoimh.ie/exploit-scanner/
|
| 5 |
Description: Scans your WordPress site for possible exploits.
|
| 6 |
-
Version: 0.
|
| 7 |
Author: Donncha O Caoimh
|
| 8 |
Author URI: http://ocaoimh.ie/
|
| 9 |
*/
|
|
@@ -15,8 +15,7 @@ Author URI: http://ocaoimh.ie/
|
|
| 15 |
* @since: 0.7
|
| 16 |
* @todo: get rules and hashes from external source in encrypted format to avoid manipulation and keep them up to date
|
| 17 |
*/
|
| 18 |
-
class Exploit_Scanner
|
| 19 |
-
{
|
| 20 |
var $_path = '';
|
| 21 |
var $_init_path = '';
|
| 22 |
var $_exploit_scanner_filename = 'exploit-scanner-v2.php';
|
|
@@ -39,6 +38,8 @@ class Exploit_Scanner
|
|
| 39 |
var $filehashes = array();
|
| 40 |
var $skip_files = array();
|
| 41 |
|
|
|
|
|
|
|
| 42 |
var $display_severities = array( 'raw', 'blocker', 'severe', 'warning' );
|
| 43 |
|
| 44 |
var $_severities = array( 'blocker', 'severe', 'warning', 'note' );
|
|
@@ -55,8 +56,7 @@ class Exploit_Scanner
|
|
| 55 |
|
| 56 |
var $php_user = '';
|
| 57 |
|
| 58 |
-
function Exploit_Scanner( $path )
|
| 59 |
-
{
|
| 60 |
$this->_path = $this->format_directory_name( $path );
|
| 61 |
$this->_init_path = $this->_path;
|
| 62 |
|
|
@@ -221,6 +221,7 @@ class Exploit_Scanner
|
|
| 221 |
"/script language=\"JavaScript\"/msiU" => array( "level" => "Severe", "note" => "Could be JavaScript code used to hide code inserted by a hacker." ),
|
| 222 |
"/eval\s*\(\s*base64_decode\s*\(/msiU" => array( "level" => "Blocker", "note" => "Most likely used by malicous scripts to decode previously encoded data and execute it" ),
|
| 223 |
"/<!--\s*[A-Za-z0-9]+\s*--><\?php/msiU" => array( "level" => "Blocker", "note" => "Frequently used by Wordpress, MediaTemple, and an Injection Attack. See <a href='http://www.kyle-brady.com/2009/11/07/wordpress-mediatemple-and-an-injection-attack/'>here</a>" ),
|
|
|
|
| 224 |
|
| 225 |
);
|
| 226 |
/**
|
|
@@ -242,15 +243,12 @@ class Exploit_Scanner
|
|
| 242 |
}
|
| 243 |
|
| 244 |
|
| 245 |
-
function format_directory_name( $dir )
|
| 246 |
-
{
|
| 247 |
$dir = preg_split( '/\/+$/', $dir, -1, PREG_SPLIT_NO_EMPTY );
|
| 248 |
return $dir[0];
|
| 249 |
}
|
| 250 |
|
| 251 |
-
function search_file_for_pattern( $file )
|
| 252 |
-
{
|
| 253 |
-
|
| 254 |
if ( !is_readable( $file ) ) {
|
| 255 |
if ( !isset( $this->inaccessible['files']['inaccessible'] ) || !in_array( $file, $this->inaccessible['files']['inaccessible'] ) ) {
|
| 256 |
$this->inaccessible['files']['inaccessible'][] = $file;
|
|
@@ -293,8 +291,7 @@ class Exploit_Scanner
|
|
| 293 |
}
|
| 294 |
}
|
| 295 |
|
| 296 |
-
function scan_directory( $dir, $callback )
|
| 297 |
-
{
|
| 298 |
$sub_dirs = array();
|
| 299 |
$dir_files = array();
|
| 300 |
if ( $handle = @opendir( $dir ) ) {
|
|
@@ -327,8 +324,7 @@ class Exploit_Scanner
|
|
| 327 |
|
| 328 |
}
|
| 329 |
|
| 330 |
-
function is_extension($file)
|
| 331 |
-
{
|
| 332 |
if ( empty( $this->allowed_extensions ) )
|
| 333 |
return true;
|
| 334 |
|
|
@@ -367,13 +363,14 @@ class Exploit_Scanner
|
|
| 367 |
@ini_set( 'memory_limit', (int) $this->memory_limit . 'M' );
|
| 368 |
|
| 369 |
$this->prepare_patterns();
|
| 370 |
-
|
| 371 |
if ( empty( $scans ) || !is_array( $scans ) )
|
| 372 |
$this->add_result( '', '', '', '', 'You did not select any scans. Please select at least one scan to execute.', 'Blocker', 'run' );
|
| 373 |
-
|
| 374 |
foreach ( (array) $this->_possible_scans as $group => $scan_types ) {
|
| 375 |
if ( in_array( $group, $scans ) ) {
|
| 376 |
foreach ( (array) $scan_types as $scan ) {
|
|
|
|
|
|
|
| 377 |
if ( is_callable( array( &$this, $scan ) ) )
|
| 378 |
call_user_func( array( &$this, $scan ) );
|
| 379 |
}
|
|
@@ -625,27 +622,27 @@ class Exploit_Scanner
|
|
| 625 |
}
|
| 626 |
|
| 627 |
function get_serverinfo() {
|
| 628 |
-
|
| 629 |
-
|
| 630 |
|
| 631 |
-
|
| 632 |
-
|
| 633 |
-
|
| 634 |
-
|
| 635 |
-
|
| 636 |
-
|
| 637 |
-
|
| 638 |
-
|
| 639 |
-
|
| 640 |
-
|
| 641 |
-
|
| 642 |
-
|
| 643 |
-
|
| 644 |
-
|
| 645 |
-
|
| 646 |
-
|
| 647 |
-
|
| 648 |
-
|
| 649 |
<table class="widefat fixed" style="margin-bottom: 2em;">
|
| 650 |
<thead>
|
| 651 |
<tr>
|
|
@@ -662,7 +659,10 @@ class Exploit_Scanner
|
|
| 662 |
else
|
| 663 |
$description = 'n/a';
|
| 664 |
echo '<tr><td>' . $var . '</td><td>' . $value . '</td><td>' . $description . '</td></tr>';
|
| 665 |
-
}
|
|
|
|
|
|
|
|
|
|
| 666 |
$list = ob_get_clean();
|
| 667 |
$this->add_result('', $list, '', '', '', 'raw', $this->scan_source);
|
| 668 |
}
|
|
@@ -732,14 +732,14 @@ class Exploit_Scanner
|
|
| 732 |
|
| 733 |
function add_result( $file_path, $line_contents, $line_number,$pattern, $problem_description, $problem_level, $scan_source = 'file' ) {
|
| 734 |
$this->_search_results[] = array(
|
| 735 |
-
|
| 736 |
-
|
| 737 |
-
|
| 738 |
-
|
| 739 |
-
|
| 740 |
-
|
| 741 |
-
|
| 742 |
-
|
| 743 |
}
|
| 744 |
|
| 745 |
function get_search_results( $type = '' ) {
|
|
@@ -1046,23 +1046,22 @@ class Exploit_Scanner
|
|
| 1046 |
|
| 1047 |
}
|
| 1048 |
|
| 1049 |
-
|
| 1050 |
-
|
| 1051 |
-
|
| 1052 |
-
add_action('
|
| 1053 |
|
| 1054 |
function exploitscanner_menu() {
|
| 1055 |
-
wp_enqueue_script( 'jquery-form' );
|
| 1056 |
add_submenu_page('index.php', 'Exploit Scanner', 'Exploit Scanner', 'manage_options', 'exploit-admin-page', 'exploit_admin_page');
|
| 1057 |
-
|
| 1058 |
}
|
| 1059 |
-
|
| 1060 |
|
| 1061 |
add_action('wp_ajax_get_exploitscanner_results_all', 'exploitscanner_ajax_action_all');
|
| 1062 |
function exploitscanner_ajax_action_all() {
|
| 1063 |
global $wp_version;
|
| 1064 |
check_admin_referer( 'exploitscanner-scan_all' );
|
| 1065 |
$scanner = new Exploit_Scanner( ABSPATH );
|
|
|
|
| 1066 |
$scanner->file_size_limit = ( empty( $_POST['filesize_limit'] ) ) ? 400 : (int) $_POST['filesize_limit'];
|
| 1067 |
$scanner->memory_limit = ( empty( $_POST['memory_limit'] ) ) ? '' : (int) $_POST['memory_limit'];
|
| 1068 |
$scanner->display_severities = ( empty( $_POST['show'] ) ) ? $scanner->display_severities : (array) $_POST['show'];
|
|
@@ -1080,6 +1079,7 @@ function exploitscanner_ajax_action_custom() {
|
|
| 1080 |
$scanner->restricted_commands = array();
|
| 1081 |
$scanner->whitelist_patterns = array();
|
| 1082 |
$scanner->restricted_patterns = array();
|
|
|
|
| 1083 |
$scanner->display_severities = array('raw','blocker');
|
| 1084 |
foreach ( (array) $strings as $string ) {
|
| 1085 |
$scanner->restricted_patterns[ "|" . preg_quote($string) . "|msiU" ] = array( "level" => "Blocker", "note" => "Found string " . esc_html($string) );
|
|
@@ -1105,10 +1105,11 @@ function exploit_admin_page() {
|
|
| 1105 |
<form action='?page=exploit-admin-page&scan=all' id="exploit_scan" method='POST'>
|
| 1106 |
<input type="hidden" name="action" value="get_exploitscanner_results_all">
|
| 1107 |
<table>
|
| 1108 |
-
<tr><td>Scans to execute:</td><td>General Infos <input type='checkbox' name='scans[]' value='info' checked="checked"
|
| 1109 |
-
<tr><td>Severities to show:</td><td> Blocker <input type='checkbox' name='show[]' value='blocker' checked="checked"
|
| 1110 |
-
<tr><td>
|
| 1111 |
-
<tr><td>
|
|
|
|
| 1112 |
</table>
|
| 1113 |
<?php wp_nonce_field( 'exploitscanner-scan_all' ); ?>
|
| 1114 |
<input type='submit' class="button exploit-scan-button" value='Run the Scan' />
|
|
@@ -1120,7 +1121,7 @@ function exploit_admin_page() {
|
|
| 1120 |
<form method="get" id="exploit_scan_custom">
|
| 1121 |
<input type="hidden" name="action" value="get_exploitscanner_results_custom">
|
| 1122 |
<input type="hidden" name="page" value="exploit-admin-page" />
|
| 1123 |
-
<input type="text" name="customscan" class="regular-text code" />
|
| 1124 |
<?php wp_nonce_field( 'exploitscanner-scan_customstrings' ); ?>
|
| 1125 |
<input type="submit" class="button exploit-scan-button" value="Search Files" />
|
| 1126 |
</form>
|
|
@@ -1128,21 +1129,21 @@ function exploit_admin_page() {
|
|
| 1128 |
<script type="text/javascript">
|
| 1129 |
jQuery(document).ready(function($){
|
| 1130 |
var options = {
|
| 1131 |
-
url:
|
| 1132 |
target: '#output1', // target element(s) to be updated with server response
|
| 1133 |
beforeSubmit: showRequest, // pre-submit callback
|
| 1134 |
success: showResponse,
|
| 1135 |
};
|
| 1136 |
|
| 1137 |
var options2 = {
|
| 1138 |
-
url:
|
| 1139 |
target: '#output1', // target element(s) to be updated with server response
|
| 1140 |
beforeSubmit: showRequest, // pre-submit callback
|
| 1141 |
success: showResponse,
|
| 1142 |
};
|
| 1143 |
|
| 1144 |
-
jQuery('#exploit_scan').ajaxForm(options);
|
| 1145 |
-
jQuery('#exploit_scan_custom').ajaxForm(options2);
|
| 1146 |
|
| 1147 |
});
|
| 1148 |
function showRequest(formData, jqForm, options) {
|
|
@@ -1162,10 +1163,11 @@ function exploit_admin_page() {
|
|
| 1162 |
$scanner = new Exploit_Scanner( ABSPATH );
|
| 1163 |
$scanner->file_size_limit = ( empty( $_POST['filesize_limit'] ) ) ? 400 : (int) $_POST['filesize_limit'];
|
| 1164 |
$scanner->memory_limit = ( empty( $_POST['memory_limit'] ) ) ? '' : (int) $_POST['memory_limit'];
|
|
|
|
| 1165 |
$scanner->display_severities = ( empty( $_POST['show'] ) ) ? $scanner->display_severities : (array) $_POST['show'];
|
| 1166 |
array_push( $scanner->display_severities, 'raw' );
|
| 1167 |
$scanner->run( $_POST['scans'] );
|
| 1168 |
-
echo $scanner->get_html_result();
|
| 1169 |
} elseif ( isset( $_GET['customscan'] ) ) {
|
| 1170 |
check_admin_referer( 'exploitscanner-scan_customstrings' );
|
| 1171 |
$strings = explode( ',', $_GET['customscan'] );
|
|
@@ -1174,20 +1176,24 @@ function exploit_admin_page() {
|
|
| 1174 |
$scanner->whitelist_patterns = array();
|
| 1175 |
$scanner->restricted_patterns = array();
|
| 1176 |
$scanner->display_severities = array('blocker');
|
|
|
|
| 1177 |
foreach ( (array) $strings as $string ) {
|
| 1178 |
$scanner->restricted_patterns[ "|" . preg_quote($string) . "|msiU" ] = array( "level" => "Blocker", "note" => "Found string " . esc_html($string) );
|
| 1179 |
}
|
| 1180 |
$scanner->file_size_limit = ( empty( $_POST['filesize_limit'] ) ) ? 400 : (int) $_POST['filesize_limit'];
|
| 1181 |
$scanner->memory_limit = ( empty( $_POST['memory_limit'] ) ) ? '' : (int) $_POST['memory_limit'];
|
| 1182 |
$scanner->run( array( 'file_scan', 'db_scan' ) );
|
| 1183 |
-
echo $scanner->get_html_result();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1184 |
}
|
| 1185 |
?>
|
| 1186 |
-
<div id="output1"></div>
|
| 1187 |
-
<div id="loader" style="display:none; margin: 10px; padding: 10px; border: 1px solid #333; margin-top: 30px; text-align: center">
|
| 1188 |
-
<p><strong>Searching your filesystem and database for hidden links, malicious JavaScript and other possible exploit code</strong><br /><br />Please wait while loading...</p>
|
| 1189 |
-
<img src="<?php echo WP_PLUGIN_URL; ?>/exploit-scanner/loader.gif" height="16px" width="16px" alt="loading-icon" />
|
| 1190 |
-
</div>
|
| 1191 |
<h4>DISCLAIMER</h4>
|
| 1192 |
<p>Unfortunately it's impossible to catch every hack, and it's also too easy to catch "false positives" or things that aren't hacks. If you have been hacked, this script may help you track down what files, comments or posts have been modified. On the other hand, if this script indicates your blog is clean, don't believe it. This is far from foolproof. </p>
|
| 1193 |
|
| 3 |
Plugin Name: WordPress Exploit Scanner
|
| 4 |
Plugin URI: http://ocaoimh.ie/exploit-scanner/
|
| 5 |
Description: Scans your WordPress site for possible exploits.
|
| 6 |
+
Version: 0.8
|
| 7 |
Author: Donncha O Caoimh
|
| 8 |
Author URI: http://ocaoimh.ie/
|
| 9 |
*/
|
| 15 |
* @since: 0.7
|
| 16 |
* @todo: get rules and hashes from external source in encrypted format to avoid manipulation and keep them up to date
|
| 17 |
*/
|
| 18 |
+
class Exploit_Scanner {
|
|
|
|
| 19 |
var $_path = '';
|
| 20 |
var $_init_path = '';
|
| 21 |
var $_exploit_scanner_filename = 'exploit-scanner-v2.php';
|
| 38 |
var $filehashes = array();
|
| 39 |
var $skip_files = array();
|
| 40 |
|
| 41 |
+
var $skip_checks = array();
|
| 42 |
+
|
| 43 |
var $display_severities = array( 'raw', 'blocker', 'severe', 'warning' );
|
| 44 |
|
| 45 |
var $_severities = array( 'blocker', 'severe', 'warning', 'note' );
|
| 56 |
|
| 57 |
var $php_user = '';
|
| 58 |
|
| 59 |
+
function Exploit_Scanner( $path ) {
|
|
|
|
| 60 |
$this->_path = $this->format_directory_name( $path );
|
| 61 |
$this->_init_path = $this->_path;
|
| 62 |
|
| 221 |
"/script language=\"JavaScript\"/msiU" => array( "level" => "Severe", "note" => "Could be JavaScript code used to hide code inserted by a hacker." ),
|
| 222 |
"/eval\s*\(\s*base64_decode\s*\(/msiU" => array( "level" => "Blocker", "note" => "Most likely used by malicous scripts to decode previously encoded data and execute it" ),
|
| 223 |
"/<!--\s*[A-Za-z0-9]+\s*--><\?php/msiU" => array( "level" => "Blocker", "note" => "Frequently used by Wordpress, MediaTemple, and an Injection Attack. See <a href='http://www.kyle-brady.com/2009/11/07/wordpress-mediatemple-and-an-injection-attack/'>here</a>" ),
|
| 224 |
+
"/<script>\/\*GNU GPL\*\/ try\{window.onload.+catch\(e\) \{\}<\/script>/msiU" => array( "level" => "Blocker", "note" => "Possible 'GNU GPL' JavaScript attack. See <a href='http://seoforums.org/site-optimization/118-script-gnu-gpl-try-window-onload-function-var.html'>here</a>" ),
|
| 225 |
|
| 226 |
);
|
| 227 |
/**
|
| 243 |
}
|
| 244 |
|
| 245 |
|
| 246 |
+
function format_directory_name( $dir ) {
|
|
|
|
| 247 |
$dir = preg_split( '/\/+$/', $dir, -1, PREG_SPLIT_NO_EMPTY );
|
| 248 |
return $dir[0];
|
| 249 |
}
|
| 250 |
|
| 251 |
+
function search_file_for_pattern( $file ) {
|
|
|
|
|
|
|
| 252 |
if ( !is_readable( $file ) ) {
|
| 253 |
if ( !isset( $this->inaccessible['files']['inaccessible'] ) || !in_array( $file, $this->inaccessible['files']['inaccessible'] ) ) {
|
| 254 |
$this->inaccessible['files']['inaccessible'][] = $file;
|
| 291 |
}
|
| 292 |
}
|
| 293 |
|
| 294 |
+
function scan_directory( $dir, $callback ) {
|
|
|
|
| 295 |
$sub_dirs = array();
|
| 296 |
$dir_files = array();
|
| 297 |
if ( $handle = @opendir( $dir ) ) {
|
| 324 |
|
| 325 |
}
|
| 326 |
|
| 327 |
+
function is_extension($file) {
|
|
|
|
| 328 |
if ( empty( $this->allowed_extensions ) )
|
| 329 |
return true;
|
| 330 |
|
| 363 |
@ini_set( 'memory_limit', (int) $this->memory_limit . 'M' );
|
| 364 |
|
| 365 |
$this->prepare_patterns();
|
|
|
|
| 366 |
if ( empty( $scans ) || !is_array( $scans ) )
|
| 367 |
$this->add_result( '', '', '', '', 'You did not select any scans. Please select at least one scan to execute.', 'Blocker', 'run' );
|
| 368 |
+
|
| 369 |
foreach ( (array) $this->_possible_scans as $group => $scan_types ) {
|
| 370 |
if ( in_array( $group, $scans ) ) {
|
| 371 |
foreach ( (array) $scan_types as $scan ) {
|
| 372 |
+
if ( in_array( $scan, $this->skip_checks ) )
|
| 373 |
+
continue;
|
| 374 |
if ( is_callable( array( &$this, $scan ) ) )
|
| 375 |
call_user_func( array( &$this, $scan ) );
|
| 376 |
}
|
| 622 |
}
|
| 623 |
|
| 624 |
function get_serverinfo() {
|
| 625 |
+
global $wpdb;
|
| 626 |
+
$this->scan_source = 'get_serverinfo';
|
| 627 |
|
| 628 |
+
$info['sqlversion'] = $wpdb->get_var( "SELECT VERSION() AS version" );
|
| 629 |
+
$mysqlinfo = $wpdb->get_results( "SHOW VARIABLES LIKE 'sql_mode'" );
|
| 630 |
+
if ( is_array( $mysqlinfo ) )
|
| 631 |
+
$info['sql_mode'] = $mysqlinfo[0]->Value;
|
| 632 |
+
|
| 633 |
+
$ini_vars = array( 'safe_mode', 'allow_url_fopen', 'upload_max_filesize', 'post_max_size', 'max_execution_time', 'memory_limit' );
|
| 634 |
+
foreach ( $ini_vars as $var ) {
|
| 635 |
+
if ( $val = ini_get( $var ) )
|
| 636 |
+
$info[$var] = $val;
|
| 637 |
+
else
|
| 638 |
+
$info[$var] = ( $var === false) ? 'off' : 'n/a';
|
| 639 |
+
}
|
| 640 |
+
|
| 641 |
+
if ( function_exists( 'memory_get_usage' ) )
|
| 642 |
+
$info['memory_usage'] = round( memory_get_usage() / 1024 / 1024, 2) . __(' MByte');
|
| 643 |
+
|
| 644 |
+
ob_start();
|
| 645 |
+
?>
|
| 646 |
<table class="widefat fixed" style="margin-bottom: 2em;">
|
| 647 |
<thead>
|
| 648 |
<tr>
|
| 659 |
else
|
| 660 |
$description = 'n/a';
|
| 661 |
echo '<tr><td>' . $var . '</td><td>' . $value . '</td><td>' . $description . '</td></tr>';
|
| 662 |
+
} ?>
|
| 663 |
+
</tbody>
|
| 664 |
+
</table>
|
| 665 |
+
<?php
|
| 666 |
$list = ob_get_clean();
|
| 667 |
$this->add_result('', $list, '', '', '', 'raw', $this->scan_source);
|
| 668 |
}
|
| 732 |
|
| 733 |
function add_result( $file_path, $line_contents, $line_number,$pattern, $problem_description, $problem_level, $scan_source = 'file' ) {
|
| 734 |
$this->_search_results[] = array(
|
| 735 |
+
'file_path' => $file_path,
|
| 736 |
+
'line_contents' => $line_contents,
|
| 737 |
+
'line_number' => $line_number,
|
| 738 |
+
'pattern' => $pattern,
|
| 739 |
+
'problem_description' => $problem_description,
|
| 740 |
+
'problem_level' => $problem_level,
|
| 741 |
+
'scan_source' => $scan_source,
|
| 742 |
+
);
|
| 743 |
}
|
| 744 |
|
| 745 |
function get_search_results( $type = '' ) {
|
| 1046 |
|
| 1047 |
}
|
| 1048 |
|
| 1049 |
+
function exploit_scanner_scripts() {
|
| 1050 |
+
wp_enqueue_script( 'jquery-form' );
|
| 1051 |
+
}
|
| 1052 |
+
add_action( 'wp_print_scripts', 'exploit_scanner_scripts');
|
| 1053 |
|
| 1054 |
function exploitscanner_menu() {
|
|
|
|
| 1055 |
add_submenu_page('index.php', 'Exploit Scanner', 'Exploit Scanner', 'manage_options', 'exploit-admin-page', 'exploit_admin_page');
|
|
|
|
| 1056 |
}
|
| 1057 |
+
add_action('admin_menu', 'exploitscanner_menu');
|
| 1058 |
|
| 1059 |
add_action('wp_ajax_get_exploitscanner_results_all', 'exploitscanner_ajax_action_all');
|
| 1060 |
function exploitscanner_ajax_action_all() {
|
| 1061 |
global $wp_version;
|
| 1062 |
check_admin_referer( 'exploitscanner-scan_all' );
|
| 1063 |
$scanner = new Exploit_Scanner( ABSPATH );
|
| 1064 |
+
$scanner->skip_checks = ( empty( $_POST['skip_checks'] ) ) ? array() : $_POST['skip_checks'];
|
| 1065 |
$scanner->file_size_limit = ( empty( $_POST['filesize_limit'] ) ) ? 400 : (int) $_POST['filesize_limit'];
|
| 1066 |
$scanner->memory_limit = ( empty( $_POST['memory_limit'] ) ) ? '' : (int) $_POST['memory_limit'];
|
| 1067 |
$scanner->display_severities = ( empty( $_POST['show'] ) ) ? $scanner->display_severities : (array) $_POST['show'];
|
| 1079 |
$scanner->restricted_commands = array();
|
| 1080 |
$scanner->whitelist_patterns = array();
|
| 1081 |
$scanner->restricted_patterns = array();
|
| 1082 |
+
$scanner->skip_checks = ( empty( $_POST['skip_checks'] ) ) ? array( 'verify_permissions' ) : $_POST['skip_checks'];
|
| 1083 |
$scanner->display_severities = array('raw','blocker');
|
| 1084 |
foreach ( (array) $strings as $string ) {
|
| 1085 |
$scanner->restricted_patterns[ "|" . preg_quote($string) . "|msiU" ] = array( "level" => "Blocker", "note" => "Found string " . esc_html($string) );
|
| 1105 |
<form action='?page=exploit-admin-page&scan=all' id="exploit_scan" method='POST'>
|
| 1106 |
<input type="hidden" name="action" value="get_exploitscanner_results_all">
|
| 1107 |
<table>
|
| 1108 |
+
<tr><td>Scans to execute:</td><td>General Infos <input type='checkbox' name='scans[]' value='info' <?php if ( empty( $_POST ) || in_array( 'info', $_POST['scans'] ) ) echo 'checked="checked"'; ?>/> File scan <input type='checkbox' name='scans[]' value='file_scan' <?php if ( empty( $_POST ) || in_array( 'file_scan', $_POST['scans'] ) ) echo 'checked="checked"'; ?>/> Database scan <input type='checkbox' name='scans[]' value='db_scan' <?php if ( empty( $_POST ) || in_array( 'db_scan', $_POST['scans'] ) ) echo 'checked="checked"'; ?>/></td></tr>
|
| 1109 |
+
<tr><td>Severities to show:</td><td> Blocker <input type='checkbox' name='show[]' value='blocker' <?php if ( empty( $_POST ) || in_array( 'blocker', $_POST['show'] ) ) echo 'checked="checked"'; ?>/> Severe <input type='checkbox' name='show[]' value='severe' <?php if ( empty( $_POST ) || in_array( 'severe', $_POST['show'] ) ) echo 'checked="checked"'; ?>/> Warning <input type='checkbox' name='show[]' value='warning' <?php if ( empty( $_POST ) || in_array( 'warning', $_POST['show'] ) ) echo 'checked="checked"'; ?>/> Note <input type='checkbox' name='show[]' value='note' <?php if ( in_array( 'note', $_POST['show'] ) ) echo 'checked="checked"'; ?>/></td></tr>
|
| 1110 |
+
<tr><td>Skip check:</td><td> File permission scan <input type='checkbox' name='skip_checks[]' value='file_permission_scan' <?php if ( empty( $_POST ) || in_array( 'file_permission_scan', $_POST['skip_checks'] ) ) echo 'checked="checked"'; ?> /></td></tr>
|
| 1111 |
+
<tr><td>PHP Memory Limit:</td><td> <input type='text' size='3' name='memory_limit' value='<?php echo $_POST['memory_limit'] ? $_POST['memory_limit'] : 128; ?>'/>MB (Max memory used by PHP.)</td></tr>
|
| 1112 |
+
<tr><td>Upper File size Limit:</td><td> <input type='text' size='3' name='filesize_limit' value='<?php echo $_POST['filesize_limit'] ? $_POST['filesize_limit'] : 400; ?>' />KB (Skip files larger than this. Skipped files are listed at the end of scan.)</td></tr>
|
| 1113 |
</table>
|
| 1114 |
<?php wp_nonce_field( 'exploitscanner-scan_all' ); ?>
|
| 1115 |
<input type='submit' class="button exploit-scan-button" value='Run the Scan' />
|
| 1121 |
<form method="get" id="exploit_scan_custom">
|
| 1122 |
<input type="hidden" name="action" value="get_exploitscanner_results_custom">
|
| 1123 |
<input type="hidden" name="page" value="exploit-admin-page" />
|
| 1124 |
+
<input type="text" name="customscan" class="regular-text code" value="<?php echo $_POST['customscan']; ?>" />
|
| 1125 |
<?php wp_nonce_field( 'exploitscanner-scan_customstrings' ); ?>
|
| 1126 |
<input type="submit" class="button exploit-scan-button" value="Search Files" />
|
| 1127 |
</form>
|
| 1129 |
<script type="text/javascript">
|
| 1130 |
jQuery(document).ready(function($){
|
| 1131 |
var options = {
|
| 1132 |
+
url: '<?php echo admin_url("admin-ajax.php"); ?>',
|
| 1133 |
target: '#output1', // target element(s) to be updated with server response
|
| 1134 |
beforeSubmit: showRequest, // pre-submit callback
|
| 1135 |
success: showResponse,
|
| 1136 |
};
|
| 1137 |
|
| 1138 |
var options2 = {
|
| 1139 |
+
url: '<?php echo admin_url("admin-ajax.php"); ?>',
|
| 1140 |
target: '#output1', // target element(s) to be updated with server response
|
| 1141 |
beforeSubmit: showRequest, // pre-submit callback
|
| 1142 |
success: showResponse,
|
| 1143 |
};
|
| 1144 |
|
| 1145 |
+
//jQuery('#exploit_scan').ajaxForm(options);
|
| 1146 |
+
//jQuery('#exploit_scan_custom').ajaxForm(options2);
|
| 1147 |
|
| 1148 |
});
|
| 1149 |
function showRequest(formData, jqForm, options) {
|
| 1163 |
$scanner = new Exploit_Scanner( ABSPATH );
|
| 1164 |
$scanner->file_size_limit = ( empty( $_POST['filesize_limit'] ) ) ? 400 : (int) $_POST['filesize_limit'];
|
| 1165 |
$scanner->memory_limit = ( empty( $_POST['memory_limit'] ) ) ? '' : (int) $_POST['memory_limit'];
|
| 1166 |
+
$scanner->skip_checks = ( empty( $_POST['skip_checks'] ) ) ? array() : $_POST['skip_checks'];
|
| 1167 |
$scanner->display_severities = ( empty( $_POST['show'] ) ) ? $scanner->display_severities : (array) $_POST['show'];
|
| 1168 |
array_push( $scanner->display_severities, 'raw' );
|
| 1169 |
$scanner->run( $_POST['scans'] );
|
| 1170 |
+
echo '<div id="output1">' . $scanner->get_html_result() . '</div>';
|
| 1171 |
} elseif ( isset( $_GET['customscan'] ) ) {
|
| 1172 |
check_admin_referer( 'exploitscanner-scan_customstrings' );
|
| 1173 |
$strings = explode( ',', $_GET['customscan'] );
|
| 1176 |
$scanner->whitelist_patterns = array();
|
| 1177 |
$scanner->restricted_patterns = array();
|
| 1178 |
$scanner->display_severities = array('blocker');
|
| 1179 |
+
$scanner->skip_checks = ( empty( $_POST['skip_checks'] ) ) ? array( 'file_permission_scan' ) : $_POST['skip_checks'];
|
| 1180 |
foreach ( (array) $strings as $string ) {
|
| 1181 |
$scanner->restricted_patterns[ "|" . preg_quote($string) . "|msiU" ] = array( "level" => "Blocker", "note" => "Found string " . esc_html($string) );
|
| 1182 |
}
|
| 1183 |
$scanner->file_size_limit = ( empty( $_POST['filesize_limit'] ) ) ? 400 : (int) $_POST['filesize_limit'];
|
| 1184 |
$scanner->memory_limit = ( empty( $_POST['memory_limit'] ) ) ? '' : (int) $_POST['memory_limit'];
|
| 1185 |
$scanner->run( array( 'file_scan', 'db_scan' ) );
|
| 1186 |
+
echo '<div id="output1">' . $scanner->get_html_result() . '</div>';
|
| 1187 |
+
} else {
|
| 1188 |
+
?>
|
| 1189 |
+
<div id="output1"></div>
|
| 1190 |
+
<div id="loader" style="display:none; margin: 10px; padding: 10px; border: 1px solid #333; margin-top: 30px; text-align: center">
|
| 1191 |
+
<p><strong>Searching your filesystem and database for hidden links, malicious JavaScript and other possible exploit code</strong><br /><br />Please wait while loading...</p>
|
| 1192 |
+
<img src="<?php echo WP_PLUGIN_URL; ?>/exploit-scanner/loader.gif" height="16px" width="16px" alt="loading-icon" />
|
| 1193 |
+
</div>
|
| 1194 |
+
<?php
|
| 1195 |
}
|
| 1196 |
?>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1197 |
<h4>DISCLAIMER</h4>
|
| 1198 |
<p>Unfortunately it's impossible to catch every hack, and it's also too easy to catch "false positives" or things that aren't hacks. If you have been hacked, this script may help you track down what files, comments or posts have been modified. On the other hand, if this script indicates your blog is clean, don't believe it. This is far from foolproof. </p>
|
| 1199 |
|
readme.txt
CHANGED
|
@@ -1,8 +1,8 @@
|
|
| 1 |
=== WordPress Exploit Scanner ===
|
| 2 |
-
Contributors: donncha, duck_, ryan, azaozz
|
| 3 |
Tags: hacking, spam, hack, crack, exploit, vulnerability
|
| 4 |
Tested up to: 2.8.6
|
| 5 |
-
Stable tag: 0.
|
| 6 |
Requires at least: 2.7.1
|
| 7 |
Donate link: http://ocaoimh.ie/wordpress-plugins/gifts-and-donations/
|
| 8 |
|
|
@@ -13,6 +13,7 @@ This plugin searches the files on your website, and the posts and comments table
|
|
| 13 |
|
| 14 |
It does not remove anything. That is left to the user to do.
|
| 15 |
|
|
|
|
| 16 |
* MD5 for version 0.7: 1d4b6797f10685bd271ebc1ec17b782c
|
| 17 |
* MD5 for version 0.6: a36d9eb168e51b62c61b1ab4afee8243
|
| 18 |
* MD5 for version 0.5: e434bad527c860ebf95777c05d551784
|
| 1 |
=== WordPress Exploit Scanner ===
|
| 2 |
+
Contributors: donncha, duck_, ryan, azaozz, tott
|
| 3 |
Tags: hacking, spam, hack, crack, exploit, vulnerability
|
| 4 |
Tested up to: 2.8.6
|
| 5 |
+
Stable tag: 0.8
|
| 6 |
Requires at least: 2.7.1
|
| 7 |
Donate link: http://ocaoimh.ie/wordpress-plugins/gifts-and-donations/
|
| 8 |
|
| 13 |
|
| 14 |
It does not remove anything. That is left to the user to do.
|
| 15 |
|
| 16 |
+
* MD5 for version 0.8: d06d1f04d3652cafb862756ecc499884
|
| 17 |
* MD5 for version 0.7: 1d4b6797f10685bd271ebc1ec17b782c
|
| 18 |
* MD5 for version 0.6: a36d9eb168e51b62c61b1ab4afee8243
|
| 19 |
* MD5 for version 0.5: e434bad527c860ebf95777c05d551784
|
