Exploit Scanner - Version 0.9

Version Description


Release Info

Developer tott
Plugin Icon wp plugin Exploit Scanner
Version 0.9

Code changes from version 0.8 to 0.9

Files changed (2) hide show
  1. exploit-scanner.php +8 -2
  2. readme.txt +2 -1
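--- a/exploit-scanner.php
+++ b/exploit-scanner.php
@@ -3,7 +3,7 @@
  Plugin Name: WordPress Exploit Scanner
  Plugin URI: http://ocaoimh.ie/exploit-scanner/
  Description: Scans your WordPress site for possible exploits.
- Version: 0.8
+ Version: 0.9
  Author: Donncha O Caoimh
  Author URI: http://ocaoimh.ie/
  */
@@ -338,12 +338,16 @@ class Exploit_Scanner {
  function prepare_patterns() {
  if ( ! empty( $this->restricted_patterns ) ) {
  foreach ( $this->restricted_patterns as $pattern => $data ) {
+ if ( !in_array( strtolower( $data['level'] ), $scanner->display_severities ) )
+ continue;
  $this->_prepared_patterns[] = $pattern;
  $this->_pattern_descriptions[ $pattern ] = $data;
  }
  }
  if ( ! empty( $this->whitelist_patterns ) ) {
  foreach ( $this->whitelist_patterns as $pattern => $data ) {
+ if ( !in_array( strtolower( $data['level'] ), $scanner->display_severities ) )
+ continue;
  $this->_prepared_patterns[] = $pattern;
  $this->_pattern_descriptions[ $pattern ] = $data;
  }
@@ -351,6 +355,8 @@ class Exploit_Scanner {
 
  if ( ! empty( $this->restricted_commands ) ) {
  foreach ( $this->restricted_commands as $command => $data) {
+ if ( !in_array( strtolower( $data['level'] ), $scanner->display_severities ) )
+ continue;
  $cmd_pattern = "/\s+($command)+\s?\(+[\$|\'|\"]+/msiU";
  $this->_prepared_patterns[] = $cmd_pattern;
  $this->_pattern_descriptions[ $cmd_pattern ] = $data;
@@ -1106,7 +1112,7 @@ function exploit_admin_page() {
  <input type="hidden" name="action" value="get_exploitscanner_results_all">
  <table>
  <tr><td>Scans to execute:</td><td>General Infos <input type='checkbox' name='scans[]' value='info' <?php if ( empty( $_POST ) || in_array( 'info', $_POST['scans'] ) ) echo 'checked="checked"'; ?>/> &nbsp; File scan <input type='checkbox' name='scans[]' value='file_scan' <?php if ( empty( $_POST ) || in_array( 'file_scan', $_POST['scans'] ) ) echo 'checked="checked"'; ?>/> &nbsp; Database scan <input type='checkbox' name='scans[]' value='db_scan' <?php if ( empty( $_POST ) || in_array( 'db_scan', $_POST['scans'] ) ) echo 'checked="checked"'; ?>/></td></tr>
- <tr><td>Severities to show:</td><td> Blocker <input type='checkbox' name='show[]' value='blocker' <?php if ( empty( $_POST ) || in_array( 'blocker', $_POST['show'] ) ) echo 'checked="checked"'; ?>/> &nbsp; Severe <input type='checkbox' name='show[]' value='severe' <?php if ( empty( $_POST ) || in_array( 'severe', $_POST['show'] ) ) echo 'checked="checked"'; ?>/> &nbsp; Warning <input type='checkbox' name='show[]' value='warning' <?php if ( empty( $_POST ) || in_array( 'warning', $_POST['show'] ) ) echo 'checked="checked"'; ?>/> &nbsp; Note <input type='checkbox' name='show[]' value='note' <?php if ( in_array( 'note', $_POST['show'] ) ) echo 'checked="checked"'; ?>/></td></tr>
+ <tr><td>Severities to show:</td><td> Blocker <input type='checkbox' name='show[]' value='blocker' <?php if ( empty( $_POST ) || in_array( 'blocker', $_POST['show'] ) ) echo 'checked="checked"'; ?>/> &nbsp; Severe <input type='checkbox' name='show[]' value='severe' <?php if ( empty( $_POST ) || in_array( 'severe', $_POST['show'] ) ) echo 'checked="checked"'; ?>/> &nbsp; Warning <input type='checkbox' name='show[]' value='warning' <?php if ( !empty( $_POST ) && in_array( 'warning', $_POST['show'] ) ) echo 'checked="checked"'; ?>/> &nbsp; Note <input type='checkbox' name='show[]' value='note' <?php if ( !empty( $_POST ) && in_array( 'note', $_POST['show'] ) ) echo 'checked="checked"'; ?>/></td></tr>
  <tr><td>Skip check:</td><td> File permission scan <input type='checkbox' name='skip_checks[]' value='file_permission_scan' <?php if ( empty( $_POST ) || in_array( 'file_permission_scan', $_POST['skip_checks'] ) ) echo 'checked="checked"'; ?> /></td></tr>
  <tr><td>PHP Memory Limit:</td><td> <input type='text' size='3' name='memory_limit' value='<?php echo $_POST['memory_limit'] ? $_POST['memory_limit'] : 128; ?>'/>MB (Max memory used by PHP.)</td></tr>
  <tr><td>Upper File size Limit:</td><td> <input type='text' size='3' name='filesize_limit' value='<?php echo $_POST['filesize_limit'] ? $_POST['filesize_limit'] : 400; ?>' />KB (Skip files larger than this. Skipped files are listed at the end of scan.)</td></tr>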
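Review bot: `$scanner` is not defined inside `prepare_patterns()`: new lines 338–341 run straight from the signature to the added check with no `global $scanner;`, so `$scanner->display_severities` is null, `in_array()` fails, and the `continue` skips every pattern in that loop; the added checks at new lines 349 and 358 have the same problem. The scan could then run with few or no signatures and report a clean site, which is the wrong way for a detection tool to fail. Assuming the selected severities are stored on the scanner object itself (not visible here), use `if ( ! in_array( strtolower( $data['level'] ), (array) $this->display_severities, true ) ) continue;` in all three loops. The method body continues outside the hunk.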
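--- a/readme.txt
+++ b/readme.txt
@@ -2,7 +2,7 @@
  Contributors: donncha, duck_, ryan, azaozz, tott
  Tags: hacking, spam, hack, crack, exploit, vulnerability
  Tested up to: 2.8.6
- Stable tag: 0.8
+ Stable tag: 0.9
  Requires at least: 2.7.1
  Donate link: http://ocaoimh.ie/wordpress-plugins/gifts-and-donations/
 
@@ -13,6 +13,7 @@ This plugin searches the files on your website, and the posts and comments table
 
  It does not remove anything. That is left to the user to do.
 
+ * MD5 for version 0.9: c854cfad74d1a21111864d64600ff415
  * MD5 for version 0.8: d06d1f04d3652cafb862756ecc499884
  * MD5 for version 0.7: 1d4b6797f10685bd271ebc1ec17b782c
  * MD5 for version 0.6: a36d9eb168e51b62c61b1ab4afee8243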