Difference between revisions of "WSO"
Onnowpurbo (talk | contribs) (Created page with " <?php →* * POSSIBLE PATTERNS = "passthru|shell_exec|system|phpinfo|base64_decode|popen|exec|proc_open|pcntl_exec|python_eval|fopen|fclose|readfile": ini_set('max_e...") |
Onnowpurbo (talk | contribs) |
||
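--- a/WSO
+++ b/WSO
@@ -56,1 +56,4 @@
 * https://getbutterfly.com/wordpress-wso-web-shell-hack/
+* https://github.com/theralfbrown/webshell/blob/master/WSO.php
+* https://github.com/Josexv1/wso-webshell
+* https://github.com/mIcHyAmRaNe/wso-webshell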
Latest revision as of 16:10, 24 January 2023
<?php
/**
* POSSIBLE PATTERNS =
"passthru|shell_exec|system|phpinfo|base64_decode|popen|exec|proc_open|pcntl_exec|python_eval|fopen|fclose|readfile"
*/
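// Lift the execution-time cap: walking a large web root can take far longer
// than the default limit allows.
ini_set('max_execution_time', '0');
// The original also called ini_set('set_time_limit', '0'). `set_time_limit`
// is a function, not an ini directive, so that call did nothing and returned
// false; the line above already removes the limit.

// Scan the current working directory and everything below it.
// NOTE(review): with no time limit and a full-tree walk, this script is best
// run from the CLI and deleted afterwards. If it stays reachable through the
// web server, any visitor can trigger the scan and read the list of files.
find_files('.');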
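/**
 * Walk a directory tree and hand every PHP, JavaScript and text file to
 * check_files().
 *
 * Directories are processed from an explicit stack rather than by recursion.
 * Each directory is visited once, keyed by its resolved path, so a symlink
 * that points back into the tree cannot cause the same files to be scanned
 * again and again.
 *
 * @param string $seed Directory to start from.
 * @return false|null  false when $seed is not a directory; otherwise the
 *                     function returns nothing (null) once the walk is done.
 */
function find_files($seed) {
    if (!is_dir($seed)) {
        return false;
    }

    $pending = [$seed];
    $visited = [];

    while (null !== ($dir = array_pop($pending))) {
        // is_dir() below follows symlinks, so de-duplicate on the real path.
        // Fall back to the literal path when realpath() cannot resolve it.
        $real = realpath($dir);
        $key = ($real === false) ? $dir : $real;
        if (isset($visited[$key])) {
            continue;
        }
        $visited[$key] = true;

        $dh = opendir($dir);
        if ($dh === false) {
            // Unreadable directory: opendir() has already raised a warning.
            // Nothing below this point in the tree gets scanned, so an
            // operator should treat such warnings as gaps in coverage.
            continue;
        }

        while (false !== ($file = readdir($dh))) {
            if ($file === '.' || $file === '..') {
                continue;
            }

            $path = $dir . '/' . $file;
            if (is_dir($path)) {
                $pending[] = $path;
            } elseif (preg_match('/^.*\.(php[\d]?|js|txt)$/i', $path)) {
                // Only .php, .php<digit>, .js and .txt names are inspected.
                // NOTE(review): files with other extensions the server may be
                // configured to execute (for example .phtml or .phar) are
                // skipped; extend the pattern to match the handler config.
                check_files($path);
            }
        }
        closedir($dh);
    }
}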
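/**
 * Report whether a file contains the marker string "wso" (case-insensitive).
 *
 * Prints one line when the file matches and another when it cannot be read;
 * prints nothing for a readable file without the marker.
 *
 * A hit is only a lead for manual review: a plain substring match on three
 * letters also fires on unrelated words. The absence of a hit does not prove
 * a file is clean either, because an encoded or renamed shell need not
 * contain the literal text.
 *
 * @param string $this_file Path of the file to inspect.
 * @return void
 */
function check_files($this_file) {
    $str_to_find = 'wso'; // the string (code/text) to search for

    $content = file_get_contents($this_file);

    // Compare against false explicitly. The original truthiness test treated
    // an empty file (or one containing just "0") as a read failure.
    if ($content === false) {
        // NOTE(review): the path is echoed as-is. If the script is run
        // through a web server, escape it with htmlspecialchars() first,
        // since file names in a compromised tree are not trustworthy.
        echo "\nCould not check $this_file\n\n";
    } elseif (stristr($content, $str_to_find) !== false) {
        echo "\n$this_file -> contains $str_to_find\n\n";
    }

    // Release the file body before the next (possibly large) file is read.
    unset($content);
}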