Skip to content

Commit 459d75d

Browse files
marcocesaratomarcocesarato
committed
feat: add new encoded functions on list
1 parent aa8f98b commit 459d75d

File tree

2 files changed

+97
-41
lines changed

2 files changed

+97
-41
lines changed

src/Functions.php

+96-39
Original file line numberDiff line numberDiff line change
@@ -29,44 +29,23 @@ class Functions
2929
'syslog',
3030
'passthru',
3131
'define_syslog_variables',
32-
/*
33-
"dl",
34-
"debugger_off",
35-
"debugger_on",
36-
"parse_ini_file",
37-
"show_source",
38-
"symlink",
39-
"popen",
40-
*/
4132
'posix_kill',
42-
/*
43-
"posix_getpwuid",
44-
"posix_mkfifo",
45-
"posix_setpgid",
46-
"posix_setsid",
47-
"posix_setuid",
48-
*/
33+
'posix_getpwuid',
34+
'posix_mkfifo',
35+
'posix_setpgid',
36+
'posix_setsid',
37+
'posix_setuid',
4938
'posix_uname',
5039
'proc_close',
5140
'proc_get_status',
5241
'proc_nice',
5342
'proc_open',
5443
'proc_terminate',
55-
/*
56-
"ini_alter",
57-
"ini_get_all",
58-
"ini_restore",
59-
"parse_ini_file",
60-
*/
44+
'pcntl_exec',
6145
'inject_code',
6246
'apache_child_terminate',
6347
'apache_note',
6448
'define_syslog_variables',
65-
/*
66-
"apache_setenv",
67-
"escapeshellarg",
68-
"escapeshellcmd",
69-
*/
7049
];
7150

7251
/**
@@ -75,51 +54,129 @@ class Functions
7554
* @var array
7655
*/
7756
public static $dangerous = [
57+
// PHP Code Execution
7858
'il_exec',
7959
'shell_exec',
8060
'eval',
8161
'system',
8262
'create_function',
8363
'exec',
64+
'pcntl_exec',
8465
'assert',
85-
'syslog',
8666
'passthru',
67+
'create_function',
68+
'include',
69+
'include_once',
70+
'require',
71+
'require_once',
72+
'preg_replace',
73+
// Files and configurations
74+
'syslog',
8775
'define_syslog_variables',
8876
'debugger_off',
77+
'get_meta_tags',
78+
'highlight_file',
8979
'debugger_on',
9080
'parse_ini_file',
81+
'php_strip_whitespace',
9182
'show_source',
9283
'symlink',
93-
'popen',
84+
'fopen',
85+
'file_get_contents',
86+
'file_put_contents',
87+
'chmod',
88+
'chown',
89+
'copy',
90+
'move',
91+
'is_file',
92+
'is_dir',
93+
'ini_alter',
94+
'ini_get_all',
95+
'ini_restore',
96+
'parse_ini_file',
97+
'inject_code',
98+
'apache_child_terminate',
99+
'apache_setenv',
100+
'apache_note',
101+
'define_syslog_variables',
102+
// Curl
103+
'curl_init',
104+
'curl_setopt',
105+
'curl_exec',
106+
// Posix
94107
'posix_kill',
95108
'posix_getpwuid',
96109
'posix_mkfifo',
97110
'posix_setpgid',
98111
'posix_setsid',
99112
'posix_setuid',
100113
'posix_uname',
114+
// Processes
115+
'popen',
101116
'proc_close',
102117
'proc_get_status',
103118
'proc_nice',
104119
'proc_open',
105120
'proc_terminate',
106-
'ini_alter',
107-
'ini_get_all',
108-
'ini_restore',
109-
'parse_ini_file',
110-
'inject_code',
111-
'apache_child_terminate',
112-
'apache_setenv',
113-
'apache_note',
114-
'define_syslog_variables',
121+
// Encoding
115122
'escapeshellarg',
116123
'escapeshellcmd',
117124
'base64_decode',
118125
'urldecode',
119126
'rawurldecode',
120127
'str_rot13',
121128
'preg_replace',
122-
'create_function',
129+
// Information Disclosure
130+
'phpinfo',
131+
'posix_mkfifo',
132+
'posix_getlogin',
133+
'posix_ttyname',
134+
'getenv',
135+
'get_current_user',
136+
'proc_get_status',
137+
'get_cfg_var',
138+
'disk_free_space',
139+
'disk_total_space',
140+
'diskfreespace',
141+
'getcwd',
142+
'getlastmo',
143+
'getmygid',
144+
'getmyinode',
145+
'getmypid',
146+
'getmyuid',
147+
// Callback functions
148+
'ob_start',
149+
'array_diff_uassoc',
150+
'array_diff_ukey',
151+
'array_filter',
152+
'array_intersect_uassoc',
153+
'array_intersect_ukey',
154+
'array_map',
155+
'array_reduce',
156+
'array_udiff_assoc',
157+
'array_udiff_uassoc',
158+
'array_udiff',
159+
'array_uintersect_assoc',
160+
'array_uintersect_uassoc',
161+
'array_uintersect',
162+
'array_walk_recursive',
163+
'array_walk',
164+
'assert_options',
165+
'uasort',
166+
'uksort',
167+
'usort',
168+
'preg_replace_callback',
169+
'spl_autoload_register',
170+
'iterator_apply',
171+
'call_user_func',
172+
'call_user_func_array',
173+
'register_shutdown_function',
174+
'register_tick_function',
175+
'set_error_handler',
176+
'set_exception_handler',
177+
'session_set_save_handler',
178+
'sqlite_create_aggregate',
179+
'sqlite_create_function',
123180
];
124181

125182
/**

src/Scanner.php

+1-2
Original file line numberDiff line numberDiff line change
@@ -157,7 +157,6 @@ class Scanner
157157
*/
158158
public static $functionsEncoded = [];
159159

160-
161160
/**
162161
* Functions encoded values.
163162
*
@@ -1003,7 +1002,7 @@ public function scanFile($info)
10031002
*/
10041003
foreach ($encoders as $encoder) {
10051004
$key = $funcRaw . $encoder;
1006-
if(isset(self::$functionsEncodedValues[$key])) {
1005+
if (isset(self::$functionsEncodedValues[$key])) {
10071006
$value = self::$functionsEncodedValues[$key];
10081007
} else {
10091008
$value = @$encoder($funcRaw);

0 commit comments

Comments
 (0)