forked from 5up3rc/Cobra-W
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCVI_1009.py
44 lines (33 loc) · 1 KB
/
CVI_1009.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# -*- coding: utf-8 -*-
"""
CVI-1009
~~~~
Remote code execute
:author: LoRexxar <[email protected]>
:homepage: https://github.com/LoRexxar/cobra
:license: MIT, see LICENSE for more details.
:copyright: Copyright (c) 2017 LoRexxar. All rights reserved
"""
from cobra.file import file_grep
class CVI_1009():
"""
rule class
"""
def __init__(self):
self.svid = 1009
self.language = "PHP"
self.author = "LoRexxar/wufeifei"
self.vulnerability = "RCE"
self.description = "Remote code execute"
# status
self.status = True
# 部分配置
self.match_mode = "function-param-regex"
self.match = "(array_map|create_function|call_user_func|call_user_func_array|assert|eval|dl|register_tick_function|register_shutdown_function|preg_replace)"
def main(self, regex_string):
"""
regex string input
:regex_string: regex match string
:return:
"""
pass