1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
# Execution
exec[[:space:]]*\([^;\)]*\$[\(\{]?[_a-zA-Z0-9][^\)]*\)[[:space:]]*[\);]
passthru[[:space:]]*\(.*\)
popen[[:space:]]*\(.*\$.*\)
shell_exec[[:space:]]*\(.*\$.*\)
system[[:space:]]*\([^;]*\$[^\)]+\)
call_user_func[[:space:]]*\(.?.?\$.*,.?\$.*
[= (]`[^`]*\$[\(\{]?[_a-zA-Z0-9][^`]*`
^`[^`]*\$[\(\{]?[_a-zA-Z0-9][^`]*`
#Otherstuffs
#XSS signature needs to stop matching before LF when color=on #bug(1)
echo.*\$_.*\[.*\]
eval[[:space:]]*\(.*\$.*\)
#SQLi signature needs to stop matching before LF when color=on #bug(1)
(mysql.?_|pg_|sqlsrv_|::)query[[:space:]]*\(.*\$.*\)
[Ww][Hh][Ee][Rr][Ee][[:space:]]+.*=.*\$[^; ]+
([Ww][Hh][Ee][Rr][Ee]|[Aa][Nn][Dd]|[Oo][Rr])[[:space:]]+.*[[:space:]]+[Ll][Ii][Kk][Ee][[:space:]]+.*\$
VALUES[[:space:]]*\([^\)]*\$.*\)
^[[:space:]]*(include|include_once|require|require_once)[[:space:]]*\([^\;\}\{]*\$.*\)
print.*param[[:space:]]*\(.*\);
extract[[:space:]]*\(\$_(GET|POST|REQUEST|COOKIE|SERVER)
new[[:space:]]+\$_(GET|REQUEST|POST|COOKIE).*\(
|
