Hello peeps,

 

Can someone for the love of god tell me how to use this little snippet of code please,

 

(?:(?:[;]+|(<[?%](?:php)?)).*(?:define|eval|file_get_contents|include|require|require_once|set|shell_exec|phpinfo|system|passthru|preg_\w+|execute)\s*["(@])

 

Many many thanks,

 

James.

https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/

You don't get a pattern handed to you and then ask how to make use of it. You usually create a pattern to meet some need.

 

There is a tutorial on the main site that explains regex in some detail.

 

I know, but what I did was run the SmokeTest on PHPIDS and they gave me these snippets to help but never specified how to use them,

 

And they look very complicated and well too complex for me.

 

Many thanks,

 

James.

https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907439

The regex tutorial on here ?,

 

I have, I thought to myself why would PHPIDS give me a code that supposedly can be used straight away when I have to edit it,

And I shall have another look to see if I can get the hang of it but it's very hard lol,

 

Many thanks,

 

James.

https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907447

As roopart said, that regex looks like it would be handy as a filter for eval. Are you passing user input into eval? Are you allowing users to create .php files on your server?

 

I'm on php.net now trying to see if I can use that function :),

 

and no :),

 

Many thanks,

 

James.

https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907466

Perhaps asking PHPIDS themselves, or on the PHPIDS forum would get better help? I'm sure if this is something they hand out someone else must use it.

 

I have browsed page by page and unfortunately they do not offer any support on usage :(,

 

Many thanks,

 

James.

https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907467

I wasn't suggesting you should use eval for anything. eval is probably considered one of the biggest security holes available if not protected, as it allows users to execute arbitrary code if you're not real careful with it.

I wouldn't recommend it for anything, especially if you're not sure what you're doing.

https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907468

I wasn't suggesting you should use eval for anything. eval is probably considered one of the biggest security holes available if not protected, as it allows users to execute arbitrary code if you're not real careful with it.

I wouldn't recommend it for anything, especially if you're not sure what you're doing.

Lol I'm glad you told me that, thanks dude :), not that I can get the hang of it anyway haha!

 

Many thanks,

 

James.

https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907469

(?:(?:[;]+|(<[?%](?:php)?)).*(?:define|eval|file_get_contents|include|require|require_once|set|shell_exec|phpinfo|system|passthru|preg_\w+|execute)\s*["(@])

Match the regular expression below «(?:(?:[;]+|(<[?%](?:php)?)).*(?:define|eval|file_get_contents|include|require|require_once|set|shell_exec|phpinfo|system|passthru|preg_\w+|execute)\s*["(@])»
   Match the regular expression below «(?:[;]+|(<[?%](?:php)?))»
      Match either the regular expression below (attempting the next alternative only if this one fails) «[;]+»
         Match the character “;” «[;]+»
            Between one and unlimited times, as many times as possible, giving back as needed (greedy) «+»
      Or match regular expression number 2 below (the entire group fails if this one fails to match) «(<[?%](?:php)?)»
         Match the regular expression below and capture its match into backreference number 1 «(<[?%](?:php)?)»
            Match the character “<” literally «<»
            Match a single character present in the list “?%” «[?%]»
            Match the regular expression below «(?:php)?»
               Between zero and one times, as many times as possible, giving back as needed (greedy) «?»
               Match the characters “php” literally «php»
   Match any single character that is not a line break character «.*»
      Between zero and unlimited times, as many times as possible, giving back as needed (greedy) «*»
   Match the regular expression below «(?:define|eval|file_get_contents|include|require|require_once|set|shell_exec|phpinfo|system|passthru|preg_\w+|execute)»
      Match either the regular expression below (attempting the next alternative only if this one fails) «define»
         Match the characters “define” literally «define»
      Or match regular expression number 2 below (attempting the next alternative only if this one fails) «eval»
         Match the characters “eval” literally «eval»
      Or match regular expression number 3 below (attempting the next alternative only if this one fails) «file_get_contents»
         Match the characters “file_get_contents” literally «file_get_contents»
      Or match regular expression number 4 below (attempting the next alternative only if this one fails) «include»
         Match the characters “include” literally «include»
      Or match regular expression number 5 below (attempting the next alternative only if this one fails) «require»
         Match the characters “require” literally «require»
      Or match regular expression number 6 below (attempting the next alternative only if this one fails) «require_once»
         Match the characters “require_once” literally «require_once»
      Or match regular expression number 7 below (attempting the next alternative only if this one fails) «set»
         Match the characters “set” literally «set»
      Or match regular expression number 8 below (attempting the next alternative only if this one fails) «shell_exec»
         Match the characters “shell_exec” literally «shell_exec»
      Or match regular expression number 9 below (attempting the next alternative only if this one fails) «phpinfo»
         Match the characters “phpinfo” literally «phpinfo»
      Or match regular expression number 10 below (attempting the next alternative only if this one fails) «system»
         Match the characters “system” literally «system»
      Or match regular expression number 11 below (attempting the next alternative only if this one fails) «passthru»
         Match the characters “passthru” literally «passthru»
      Or match regular expression number 12 below (attempting the next alternative only if this one fails) «preg_\w+»
         Match the characters “preg_” literally «preg_»
         Match a single character that is a “word character” (letters, digits, etc.) «\w+»
            Between one and unlimited times, as many times as possible, giving back as needed (greedy) «+»
      Or match regular expression number 13 below (the entire group fails if this one fails to match) «execute»
         Match the characters “execute” literally «execute»
   Match a single character that is a “whitespace character” (spaces, tabs, line breaks, etc.) «\s*»
      Between zero and unlimited times, as many times as possible, giving back as needed (greedy) «*»
   Match a single character present in the list “"(@” «["(@]»


Created with RegexBuddy

https://forums.phpfreaks.com/topic/172051-wtf-is-this-help/#findComment-907491
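One way to apply the rule broken down above to incoming request values, as an added example that is not PHPIDS's own code and not from any poster in this thread. The helper names, the `/is` flags and the sample request are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// The rule posted in this thread, written with its outer (?: ... ) group balanced.
const CODE_INJECTION_RULE =
    '(?:(?:[;]+|(<[?%](?:php)?)).*'
    . '(?:define|eval|file_get_contents|include|require|require_once|set|'
    . 'shell_exec|phpinfo|system|passthru|preg_\w+|execute)\s*["(@])';

// Hypothetical helper: returns the matched fragment, or null when the rule does not fire.
// Flags chosen here: i = ignore case, s = "." also matches line breaks.
function matchCodeInjectionRule(string $value): ?string
{
    $result = preg_match('/' . CODE_INJECTION_RULE . '/is', $value, $m);
    if ($result === false) {
        throw new RuntimeException('PCRE error code ' . preg_last_error());
    }
    return $result === 1 ? $m[0] : null;
}

// Hypothetical helper: walks request data (nested arrays too) and collects hits per field.
function scanRequest(array $input, string $prefix = ''): array
{
    $hits = [];
    foreach ($input as $key => $value) {
        $path = $prefix === '' ? (string) $key : $prefix . '.' . $key;
        if (is_array($value)) {
            $hits += scanRequest($value, $path);
        } elseif (is_string($value) && ($m = matchCodeInjectionRule($value)) !== null) {
            $hits[$path] = $m;
        }
    }
    return $hits;
}

// Constructed sample input standing in for $_GET / $_POST.
$request = [
    'name'    => 'James',
    'comment' => 'I read the tutorial; system requirements were listed',
    'bio'     => '<?php phpinfo(); ?>',
    'filter'  => ['q' => '1; EVAL ("x")'],
];

// Log the hits and reject the request; never pass such input on to eval() or include.
foreach (scanRequest($request) as $field => $fragment) {
    error_log("possible code injection in '$field': $fragment");
}
```

The rule is a heuristic: `set` carries no word boundary, so harmless text such as `; reset (` also matches, which is why hits are best treated as signals to log and review alongside proper input validation.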
