jamesxg1 Posted August 27, 2009 Share Posted August 27, 2009 Hello peeps, Can someone for the love of god tell me how to use this little snippet of code please, (??:[;]+|(<[?%](?:php)?)).*(?:define|eval|file_get_contents|include|require|require_once|set|shell_exec|phpinfo|system|passthru|preg_\w+|execute)\s*["(@]) Many many thanks, James. Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/ Share on other sites More sharing options...
newbtophp Posted August 27, 2009 Share Posted August 27, 2009 it looks like regex, unfourtanetly i dont know regex (regular expressions). Try the regex forum Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907163 Share on other sites More sharing options...
jamesxg1 Posted August 27, 2009 Author Share Posted August 27, 2009 Arggghhhh thanks mate you are a STAR!!, Many thanks, James. Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907166 Share on other sites More sharing options...
jamesxg1 Posted August 27, 2009 Author Share Posted August 27, 2009 Damn!, Its wasnt lol, Anyone have any clue what this is ?, Many thanks, James. Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907171 Share on other sites More sharing options...
trq Posted August 27, 2009 Share Posted August 27, 2009 It is a regex. Maybe if you put it in some context your question would make more sense. Where did you get it for instance? Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907185 Share on other sites More sharing options...
roopurt18 Posted August 27, 2009 Share Posted August 27, 2009 It looks like a regexp to filter a string before passing it to eval(). Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907213 Share on other sites More sharing options...
jamesxg1 Posted August 27, 2009 Author Share Posted August 27, 2009 I got this from PHPIDS and they provided it so apparently it will help with my security. How do i use regexp ?, Many thanks, James. Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907426 Share on other sites More sharing options...
trq Posted August 27, 2009 Share Posted August 27, 2009 Take a look at the pcre extension. Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907429 Share on other sites More sharing options...
play_ Posted August 27, 2009 Share Posted August 27, 2009 It's complicated and not something you'll learn over night. you use it in functions such as preg_replace, preg_match, preg_split, etc. ie: http://us2.php.net/manual/en/function.preg-replace.php Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907430 Share on other sites More sharing options...
jamesxg1 Posted August 27, 2009 Author Share Posted August 27, 2009 =/ this is very complex and complicated stuff =/, I dont understand it all. I never got on too well with preg functions or regex. Could someone show me how to use it please, Or point me on the right track . Many thanks, James. Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907433 Share on other sites More sharing options...
jamesxg1 Posted August 27, 2009 Author Share Posted August 27, 2009 What i dont understand is most of these functions have '/' at the start, end, & in the middle of expression why doesnt the code i got given have any of them =/, Many thanks, James. Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907435 Share on other sites More sharing options...
trq Posted August 27, 2009 Share Posted August 27, 2009 You don't get a pattern handed to you and then ask how to make use of it. You usually create a pattern to meat some need. There is a tutorial on the main site that explains regex in some detail. Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907436 Share on other sites More sharing options...
jamesxg1 Posted August 27, 2009 Author Share Posted August 27, 2009 You don't get a pattern handed to you and then ask how to make use of it. You usually create a pattern to meat some need. There is a tutorial on the main site that explains regex in some detail. I know but what i did was run the SmokeTest on PHPIDS and they gave me these snippets to help but never specified how to use them, And they look very complicated and well too complex for me. Many thanks, James. Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907439 Share on other sites More sharing options...
trq Posted August 27, 2009 Share Posted August 27, 2009 Why don't you have a look at the tutorial on the front site and see if you can't get at least a start? Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907444 Share on other sites More sharing options...
jamesxg1 Posted August 27, 2009 Author Share Posted August 27, 2009 The regex tutorial on here ?, I have i thought to myself why would PHPIDS give me a code that supposedly can be used straight away when i have to edit it, And i shall have another look to see if i can get the hang of it but its very hard lol, Many thanks, James. Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907447 Share on other sites More sharing options...
trq Posted August 27, 2009 Share Posted August 27, 2009 As roopart said, that regex looks like it would be handy as a filter for eval. Are you passing user input into eval? Are you allowing users to create .php files on your server? Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907449 Share on other sites More sharing options...
Adam Posted August 27, 2009 Share Posted August 27, 2009 Perhaps asking PHPIDS themselves, or on the PHPIDS forum would get better help? I'm sure if this is something they hand out someone else must use it. Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907453 Share on other sites More sharing options...
jamesxg1 Posted August 27, 2009 Author Share Posted August 27, 2009 As roopart said, that regex looks like it would be handy as a filter for eval. Are you passing user input into eval? Are you allowing users to create .php files on your server? Im on php.net now trying to see if i can use that function , and no , Many thanks, James. Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907466 Share on other sites More sharing options...
jamesxg1 Posted August 27, 2009 Author Share Posted August 27, 2009 Perhaps asking PHPIDS themselves, or on the PHPIDS forum would get better help? I'm sure if this is something they hand out someone else must use it. I have browsed page by page and unfortunately that do not offer any support on usage , Many thanks, James. Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907467 Share on other sites More sharing options...
trq Posted August 27, 2009 Share Posted August 27, 2009 I wasn't suggesting you should use eval for anything. eval is probably considered one of the biggest security holes available if not protected as it allows users to execute arbitrary code if your not real careful with it. I wouldn't recommend it for anything especially if your not sure what your doing. Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907468 Share on other sites More sharing options...
jamesxg1 Posted August 27, 2009 Author Share Posted August 27, 2009 I wasn't suggesting you should use eval for anything. eval is probably considered one of the biggest security holes available if not protected as it allows users to execute arbitrary code if your not real careful with it. I wouldn't recommend it for anything especially if your not sure what your doing. Lol im glad you told me that thanks dude , not that i can get the hang of it anyway haha!. Many thanks, James. Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907469 Share on other sites More sharing options...
Mardoxx Posted August 27, 2009 Share Posted August 27, 2009 (??:[;]+|(<[?%](?:php)?)).*(?:define|eval|file_get_contents|include|require|require_once|set|shell_exec|phpinfo|system|passthru|preg_\w+|execute)\s*["(@]) Match the regular expression below «(??:[;]+|(<[?%](?:php)?)).*(?:define|eval|file_get_contents|include|require|require_once|set|shell_exec|phpinfo|system|passthru|preg_\w+|execute)\s*["(@])» Match the regular expression below «(?:[;]+|(<[?%](?:php)?))» Match either the regular expression below (attempting the next alternative only if this one fails) «[;]+» Match the character “;” «[;]+» Between one and unlimited times, as many times as possible, giving back as needed (greedy) «+» Or match regular expression number 2 below (the entire group fails if this one fails to match) «(<[?%](?:php)?)» Match the regular expression below and capture its match into backreference number 1 «(<[?%](?:php)?)» Match the character “<” literally «<» Match a single character present in the list “?%” «[?%]» Match the regular expression below «(?:php)?» Between zero and one times, as many times as possible, giving back as needed (greedy) «?» Match the characters “php” literally «php» Match any single character that is not a line break character «.*» Between zero and unlimited times, as many times as possible, giving back as needed (greedy) «*» Match the regular expression below «(?:define|eval|file_get_contents|include|require|require_once|set|shell_exec|phpinfo|system|passthru|preg_\w+|execute)» Match either the regular expression below (attempting the next alternative only if this one fails) «define» Match the characters “define” literally «define» Or match regular expression number 2 below (attempting the next alternative only if this one fails) «eval» Match the characters “eval” literally «eval» Or match regular expression number 3 below (attempting the next alternative only if this one fails) «file_get_contents» Match the characters “file_get_contents” literally «file_get_contents» Or match regular expression number 4 below (attempting the next alternative only if this one fails) «include» Match the characters “include” literally «include» Or match regular expression number 5 below (attempting the next alternative only if this one fails) «require» Match the characters “require” literally «require» Or match regular expression number 6 below (attempting the next alternative only if this one fails) «require_once» Match the characters “require_once” literally «require_once» Or match regular expression number 7 below (attempting the next alternative only if this one fails) «set» Match the characters “set” literally «set» Or match regular expression number 8 below (attempting the next alternative only if this one fails) «shell_exec» Match the characters “shell_exec” literally «shell_exec» Or match regular expression number 9 below (attempting the next alternative only if this one fails) «phpinfo» Match the characters “phpinfo” literally «phpinfo» Or match regular expression number 10 below (attempting the next alternative only if this one fails) «system» Match the characters “system” literally «system» Or match regular expression number 11 below (attempting the next alternative only if this one fails) «passthru» Match the characters “passthru” literally «passthru» Or match regular expression number 12 below (attempting the next alternative only if this one fails) «preg_\w+» Match the characters “preg_” literally «preg_» Match a single character that is a “word character” (letters, digits, etc.) «\w+» Between one and unlimited times, as many times as possible, giving back as needed (greedy) «+» Or match regular expression number 13 below (the entire group fails if this one fails to match) «execute» Match the characters “execute” literally «execute» Match a single character that is a “whitespace character” (spaces, tabs, line breaks, etc.) «\s*» Between zero and unlimited times, as many times as possible, giving back as needed (greedy) «*» Match a single character present in the list “"(@” «["(@]» Created with RegexBuddy Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907491 Share on other sites More sharing options...
Adam Posted August 27, 2009 Share Posted August 27, 2009 To be honest I can follow the regexp better than that... Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907493 Share on other sites More sharing options...
Mardoxx Posted August 27, 2009 Share Posted August 27, 2009 isn't it p much this, but purely using regex? http://uk.php.net/manual/en/function.eval.php#86884 Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907495 Share on other sites More sharing options...
Adam Posted August 27, 2009 Share Posted August 27, 2009 Not really that function's a lot more extensive than the regexp, which really just covers functions. Quote Link to comment https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907498 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.