From b9744a5cfd32e56111fe2a66aa3a01cb404f99a8 Mon Sep 17 00:00:00 2001 From: Caleb Mazalevskis Date: Thu, 5 Sep 2024 22:21:28 +0800 Subject: [PATCH] Extras module update. --- modules/module_extras.php | 7 ++++++- modules/modules.dat | 4 ++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/modules/module_extras.php b/modules/module_extras.php index f0b3a1e..7f270b3 100644 --- a/modules/module_extras.php +++ b/modules/module_extras.php @@ -8,7 +8,7 @@ * License: GNU/GPLv2 * @see LICENSE.txt * - * This file: Optional security extras module (last modified: 2024.09.03). + * This file: Optional security extras module (last modified: 2024.09.05). * * False positive risk (an approximate, rough estimate only): « [ ]Low [x]Medium [ ]High » */ @@ -139,6 +139,11 @@ $CIDRAM['Reporter']->report([15, 20, 21], ['Caught probing for webshells/backdoors. Host might be compromised.'], $CIDRAM['BlockInfo']['IPAddr']); } // 2023.08.18 mod 2024.08.04 + /** Probing for vulnerable plugins or webapps. */ + if ($Trigger(preg_match('~/dup-installer/main\.installer\.php[57]?(?:$|[/?])~', $LCNrURI), $Exploit = 'CVE-2022-2551')) { + $CIDRAM['Reporter']->report([15, 21], ['Caught probing for ' . $Exploit . ' vulnerability.'], $CIDRAM['BlockInfo']['IPAddr']); + } // 2024.09.05 + /** Probing for webshells/backdoors. */ if ($Trigger(preg_match( '~(?:^|[/?])(?:[1-9cefimnptuwx]{27}\.jsp$)~', diff --git a/modules/modules.dat b/modules/modules.dat index c2a7ffd..298ed00 100644 --- a/modules/modules.dat +++ b/modules/modules.dat @@ -233,7 +233,7 @@ module_cookies.php: module_extras.php: Name: "Optional security extras module" False Positive Risk: "Medium" - Version: "2024.246.0" + Version: "2024.248.0" Dependencies: PHP: "^5.4|^7|^8" CIDRAM Core: "^1.13.1|^2.0.1" @@ -248,7 +248,7 @@ module_extras.php: - "module_extras.php" - "module_extras.yaml" Checksum: - - "ffbe6381d42454d9553c80b3407d3bd0101f2aaa33637ce2e1c200b1e16528d0:28101" + - "9646163293a81a8a7008a4ee48b51edf8ecd4b51b5ccccc4f145efa0379aa0b9:28453" - "7b891d1fa4b1c52c410220bc758e8cb7064bd6040430fb149a5b60e9ae2e0838:890" Used with: "modules" Reannotate: "modules.dat"