fix: exploit lite mode

marcocesarato · marcocesarato · commit 662552ab1123 · 2021-01-07T00:58:49.000+01:00
diff --git a/src/Exploits.php b/src/Exploits.php
@@ -451,9 +451,14 @@ public static function getAll()
     public static function getLite()
     {
         $exploits = self::$default;
-        $exploits['execution'] = '/\b(eval|assert|passthru|exec|include|system|pcntl_exec|shell_exec|`|array_map|ob_start|call_user_func(_array)?)\s*\(\s*(base64_decode|php:\/\/input|str_rot13|gz(inflate|uncompress)|getenv|pack|\\?\$_(GET|REQUEST|POST|COOKIE|SERVER)).*?(?=\))\)/';
-        $exploits['concat_vars_with_spaces'] = '/(\$([a-zA-Z0-9]+)[\s\r\n]*\.[\s\r\n]*){8}/';  // concatenation of more than 8 words, with spaces
-        $exploits['concat_vars_array'] = '/(\$([a-zA-Z0-9]+)(\{|\[)([0-9]+)(\}|\])[\s\r\n]*\.[\s\r\n]*){8}.*?(?=\})\}/i'; // concatenation of more than 8 words, with spaces
+
+        // Function that takes a callback as 1st parameter
+        $exploits['execution']['pattern'] = '/\b(eval|assert|passthru|exec|include|system|pcntl_exec|shell_exec|`|array_map|ob_start|call_user_func(_array)?)\s*\(\s*(base64_decode|php:\/\/input|str_rot13|gz(inflate|uncompress)|getenv|pack|\\?\$_(GET|REQUEST|POST|COOKIE|SERVER)).*?(?=\))\)/';
+        // Concatenation of more than 8 words, with spaces
+        $exploits['concat_vars_with_spaces']['pattern'] = '/(\$([a-zA-Z0-9]+)[\s\r\n]*\.[\s\r\n]*){8}/';
+        // Concatenation of more than 8 words, with spaces
+        $exploits['concat_vars_array']['pattern'] = '/(\$([a-zA-Z0-9]+)(\{|\[)([0-9]+)(\}|\])[\s\r\n]*\.[\s\r\n]*){8}.*?(?=\})\}/i';
+
         unset(
             $exploits['nano'],
             $exploits['double_var2'],
