public static function misc_form_bypass()
{
/**
* Miscellaneous Form Spam Check Bypass
*/
/* Setup necessary variables */
$url = rs_wpss_get_url();
$url_lc = rs_wpss_casetrans('lower', $url);
$req_uri = $_SERVER['REQUEST_URI'];
$req_uri_lc = rs_wpss_casetrans('lower', $req_uri);
$post_count = count($_POST);
$ip = rs_wpss_get_ip_addr();
$user_agent = rs_wpss_get_user_agent();
$referer = rs_wpss_get_referrer();
/* IP / PROXY INFO - BEGIN */
global $wpss_ip_proxy_info;
if (empty($wpss_ip_proxy_info)) {
$wpss_ip_proxy_info = rs_wpss_ip_proxy_info();
}
extract($wpss_ip_proxy_info);
/* IP / PROXY INFO - END */
/* GEOLOCATION */
if ($post_count == 6 && isset($_POST['updatemylocation'], $_POST['log'], $_POST['lat'], $_POST['country'], $_POST['zip'], $_POST['myaddress'])) {
return TRUE;
}
/* WP Remote */
if (defined('WPRP_PLUGIN_SLUG') && !empty($_POST['wpr_verify_key']) && preg_match("~\\ WP\\-Remote\$~", $user_agent) && preg_match("~\\.amazonaws\\.com\$~", $reverse_dns)) {
return TRUE;
}
/* Ecommerce Plugins */
if ((rs_wpss_is_ssl() || !empty($_POST['add-to-cart']) || !empty($_POST['add_to_cart']) || !empty($_POST['addtocart']) || !empty($_POST['product-id']) || !empty($_POST['product_id']) || !empty($_POST['productid']) || $user_agent === 'PayPal IPN ( https://www.paypal.com/ipn )' && preg_match("~(^|\\.)paypal\\.com\$~", $reverse_dns) && $fcrdns === '[Verified]') && self::is_ecom_enabled()) {
return TRUE;
}
if ((rs_wpss_is_ssl() || self::is_ecom_enabled()) && $fcrdns === '[Verified]') {
/* PayPal, Stripe, Authorize.net, Worldpay, etc */
if ($user_agent === 'PayPal IPN ( https://www.paypal.com/ipn )' && preg_match("~(^|\\.)paypal\\.com\$~", $reverse_dns) || $reverse_dns === 'api.stripe.com' || preg_match("~(^|\\.)(authorize\\.net|worldpay\\.com|payfast\\.co\\.za|api\\.mollie\\.nl|api\\.simplifycommerce\\.com|wepayapi\\.com|2checkout\\.com|paylane\\.com)\$~", $reverse_dns)) {
return TRUE;
}
}
/* WooCommerce Payment Gateways */
if (self::is_woocom_enabled()) {
if ($user_agent === 'PayPal IPN ( https://www.paypal.com/ipn )' && preg_match("~^(ipn|ipnpb|notify|reports)(\\.sandbox)?\\.paypal\\.com\$~", $reverse_dns) || strpos($req_uri, 'WC_Gateway_Paypal') !== FALSE) {
return TRUE;
}
if (preg_match("~(^|\\.)payfast\\.co\\.za\$~", $reverse_dns) || strpos($req_uri, 'wc-api') !== FALSE && strpos($req_uri, 'WC_Gateway_PayFast') !== FALSE) {
return TRUE;
}
/* Plugin: 'woocommerce-gateway-payfast/gateway-payfast.php' */
if (preg_match("~((\\?|\\&)wc\\-api\\=WC_(Addons_)?Gateway_|/wc\\-api/.*WC_(Addons_)?Gateway_)~", $req_uri)) {
return TRUE;
}
/* $wc_gateways = array( 'WC_Gateway_BACS', 'WC_Gateway_Cheque', 'WC_Gateway_COD', 'WC_Gateway_Paypal', 'WC_Addons_Gateway_Simplify_Commerce', 'WC_Gateway_Simplify_Commerce' ); */
}
/* Easy Digital Downloads Payment Gateways */
if (defined('EDD_VERSION')) {
if ($user_agent === 'PayPal IPN ( https://www.paypal.com/ipn )' && preg_match("~^(ipn|ipnpb|notify|reports)(\\.sandbox)?\\.paypal\\.com\$~", $reverse_dns) || !empty($_GET['edd-listener']) && $_GET['edd-listener'] === 'IPN' || strpos($req_uri, 'edd-listener') !== FALSE && strpos($req_uri, 'IPN') !== FALSE) {
return TRUE;
}
if (!empty($_GET['edd-listener']) && $_GET['edd-listener'] === 'amazon' || strpos($req_uri, 'edd-listener') !== FALSE && strpos($req_uri, 'amazon') !== FALSE) {
return TRUE;
}
if (!empty($_GET['edd-listener']) || strpos($req_uri, 'edd-listener') !== FALSE) {
return TRUE;
}
}
/* Gravity Forms PayPal Payments Standard Add-On ( http://www.gravityforms.com/add-ons/paypal/ ) */
if (defined('GF_MIN_WP_VERSION') && defined('GF_PAYPAL_VERSION') || class_exists('GFForms') && class_exists('GF_PayPal_Bootstrap')) {
if ($url === WPSS_SITE_URL . '/?page=gf_paypal_ipn' && isset($_POST['ipn_track_id'], $_POST['payer_id'], $_POST['receiver_id'], $_POST['txn_id'], $_POST['txn_type'], $_POST['verify_sign'])) {
return TRUE;
}
}
/* PayPal IPN */
if (isset($_POST['ipn_track_id'], $_POST['payer_id'], $_POST['payment_type'], $_POST['payment_status'], $_POST['receiver_id'], $_POST['txn_id'], $_POST['txn_type'], $_POST['verify_sign']) && FALSE !== strpos($req_uri_lc, 'paypal') && $user_agent === 'PayPal IPN ( https://www.paypal.com/ipn )' && preg_match("~^(ipn|ipnpb|notify|reports)(\\.sandbox)?\\.paypal\\.com\$~", $reverse_dns) && $fcrdns === '[Verified]') {
return TRUE;
}
/* Clef */
if (defined('CLEF_VERSION')) {
if (preg_match("~^Clef/[0-9](\\.[0-9]+)+\\ \\(https\\://getclef\\.com\\)\$~", $user_agent) && preg_match("~((^|\\.)clef\\.io|\\.amazonaws\\.com)\$~", $reverse_dns)) {
return TRUE;
}
}
/* OA Social Login */
if (defined('OA_SOCIAL_LOGIN_VERSION')) {
$ref_dom_rev = strrev(rs_wpss_get_domain($referer));
$oa_dom_rev = strrev('api.oneall.com');
if ($post_count >= 4 && isset($_GET['oa_social_login_source'], $_POST['oa_action'], $_POST['oa_social_login_token'], $_POST['connection_token'], $_POST['identity_vault_key']) && $_POST['oa_action'] === 'social_login' && strpos($ref_dom_rev, $oa_dom_rev) === 0) {
return TRUE;
}
}
/* Nothing was triggered */
return FALSE;
}
function rs_wpss_extra_notification_data($text, $spamshield_options = NULL, $cf7 = FALSE)
{
if (empty($spamshield_options)) {
global $spamshield_options;
if (empty($spamshield_options)) {
$spamshield_options = get_option('spamshield_options');
}
}
rs_wpss_update_session_data($spamshield_options);
$post_jsonst = !empty($_POST[WPSS_JSONST]) ? trim($_POST[WPSS_JSONST]) : '';
$post_ref2xjs = !empty($_POST[WPSS_REF2XJS]) ? trim($_POST[WPSS_REF2XJS]) : '';
$post_jsonst_lc = rs_wpss_casetrans('lower', $post_jsonst);
$post_ref2xjs_lc = rs_wpss_casetrans('lower', $post_ref2xjs);
$eml_eol = "\r\n";
/* Added 1.9.7 */
if (!empty($cf7)) {
$text .= $eml_eol;
}
/* IP / PROXY INFO - BEGIN */
global $wpss_ip_proxy_info;
if (empty($wpss_ip_proxy_info)) {
$wpss_ip_proxy_info = rs_wpss_ip_proxy_info();
}
extract($wpss_ip_proxy_info);
/* IP / PROXY INFO - END */
if (strpos(WPSS_SERVER_NAME_REV, WPSS_DEBUG_SERVER_NAME_REV) === 0) {
global $wpss_geolocation;
if (empty($wpss_geolocation)) {
$wpss_geolocation = rs_wpss_wf_geoiploc($ip, TRUE);
}
} else {
global $wpss_geoloc_short;
if (empty($wpss_geoloc_short)) {
$wpss_geoloc_short = rs_wpss_wf_geoiploc_short($ip);
}
}
/* Sanitized versions for output */
$wpss_http_accept_language = rs_wpss_get_http_accept(FALSE, FALSE, TRUE);
$wpss_http_accept = rs_wpss_get_http_accept();
$wpss_http_user_agent = rs_wpss_get_user_agent();
$wpss_http_browser = rs_wpss_get_browser();
$wpss_http_referer = rs_wpss_get_referrer(FALSE, TRUE, TRUE);
/* Initial referrer, aka "Referring Site" - Changed 1.7.9 */
if (empty($spamshield_options['hide_extra_data'])) {
if (!empty($cf7)) {
$text .= $eml_eol;
}
$text .= $eml_eol;
$text .= '------------------------------------------------------------------------------' . $eml_eol;
$text .= __('Additional Technical Data Added by WP-SpamShield', 'wp-spamshield') . $eml_eol;
$text .= '------------------------------------------------------------------------------' . $eml_eol;
/* DEBUG ONLY - BEGIN */
if (strpos(WPSS_SERVER_NAME_REV, WPSS_DEBUG_SERVER_NAME_REV) === 0) {
/* CF7 Only */
if (!empty($cf7)) {
$wpss_log_session_data = rs_wpss_get_log_session_data();
extract($wpss_log_session_data);
$noda = '[No Data]';
/* Timer - BEGIN*/
$wpss_time_end = microtime(TRUE);
if (empty($wpss_time_init) && !empty($wpss_timestamp_init)) {
$wpss_time_init = $wpss_timestamp_init;
}
if (!empty($wpss_time_init)) {
$wpss_time_on_site = rs_wpss_timer($wpss_time_init, $wpss_time_end, TRUE, 2);
} else {
$wpss_time_on_site = $noda;
}
if (!empty($wpss_timestamp_init)) {
$wpss_site_entry_time = get_date_from_gmt(date('Y-m-d H:i:s', $wpss_timestamp_init), 'Y-m-d (D) H:i:s e');
/* Added 1.7.3 */
} else {
$wpss_site_entry_time = $noda;
}
/* Timer - END */
$wpss_hits_per_page = str_replace(WPSS_EOL, $eml_eol, $wpss_hits_per_page);
$text .= "Pages Visited: " . $wpss_hits_per_page;
$text .= "Time on Site: ['" . $wpss_time_on_site . "']" . $eml_eol;
}
if (!empty($post_ref2xjs)) {
$ref2xJS = addslashes(urldecode($post_ref2xjs));
$ref2xJS = str_replace('%3A', ':', $ref2xJS);
$ref2xJS = str_replace(' ', '+', $ref2xJS);
$ref2xJS = esc_url_raw($ref2xJS);
$text .= $eml_eol . "JS Page Referrer Check: {$ref2xJS}" . $eml_eol;
}
if (!empty($post_jsonst)) {
$JSONST = sanitize_text_field($post_jsonst);
$text .= $eml_eol . "JSONST: {$JSONST}" . $eml_eol;
}
} else {
if (!empty($post_ref2xjs)) {
$ref2xJS = addslashes(urldecode($post_ref2xjs));
$ref2xJS = str_replace('%3A', ':', $ref2xJS);
$ref2xJS = str_replace(' ', '+', $ref2xJS);
$ref2xJS = esc_url_raw($ref2xJS);
$text .= $eml_eol . __('Page Referrer Check.', 'wp-spamshield') . ': ' . $ref2xJS . $eml_eol;
}
}
$text .= $eml_eol;
$text .= __('Referrer', 'wp-spamshield') . ': ' . $wpss_http_referer . $eml_eol . $eml_eol;
/* Initial referrer, aka "Referring Site" - Changed 1.7.9 */
if (strpos(WPSS_SERVER_NAME_REV, WPSS_DEBUG_SERVER_NAME_REV) === 0 && !empty($_COOKIE['_referrer_og'])) {
$text .= __('Clicky Referrer', 'wp-spamshield') . ': ' . $_COOKIE['_referrer_og'] . $eml_eol . $eml_eol;
/* DEBUG ONLY - Added 1.9.7 */
}
$text .= __('User-Agent (Browser/OS)', 'wp-spamshield') . ': ' . $wpss_http_user_agent . $eml_eol;
if (!empty($wpss_http_browser)) {
$text .= __('Browser', 'wp-spamshield') . ': ' . $wpss_http_browser . $eml_eol;
}
if (strpos(WPSS_SERVER_NAME_REV, WPSS_DEBUG_SERVER_NAME_REV) === 0) {
if (!empty($wpss_geolocation) && rs_wpss_is_lang_en_us()) {
/* English only for now; TO DO: TRANSLATE */
$text .= __('Location', 'wp-spamshield') . ': ' . $wpss_geolocation . $eml_eol;
}
} else {
if (!empty($wpss_geoloc_short) && rs_wpss_is_lang_en_us()) {
/* English only for now; TO DO: TRANSLATE */
$text .= __('Country', 'wp-spamshield') . ': ' . $wpss_geoloc_short . $eml_eol;
}
}
$text .= __('IP Address', 'wp-spamshield') . ': ' . $ip . $eml_eol;
$text .= __('Server', 'wp-spamshield') . ': ' . $reverse_dns . $eml_eol;
$text .= __('IP Address Lookup', 'wp-spamshield') . ': http://ipaddressdata.com/' . $ip . "\r\n\r\n";
$text .= '(' . __('This data is helpful if you need to submit a spam sample.', 'wp-spamshield') . ')' . $eml_eol;
}
return $text;
}
function rs_wpss_extra_notification_data($text, $spamshield_options = NULL)
{
if (empty($spamshield_options)) {
global $spamshield_options;
if (empty($spamshield_options)) {
$spamshield_options = get_option('spamshield_options');
}
}
rs_wpss_update_session_data($spamshield_options);
$post_jsonst = !empty($_POST[WPSS_JSONST]) ? trim($_POST[WPSS_JSONST]) : '';
$post_ref2xjs = !empty($_POST[WPSS_REF2XJS]) ? trim($_POST[WPSS_REF2XJS]) : '';
$post_jsonst_lc = rs_wpss_casetrans('lower', $post_jsonst);
$post_ref2xjs_lc = rs_wpss_casetrans('lower', $post_ref2xjs);
/* IP / PROXY INFO - BEGIN */
global $wpss_ip_proxy_info;
if (empty($wpss_ip_proxy_info)) {
$wpss_ip_proxy_info = rs_wpss_ip_proxy_info();
}
extract($wpss_ip_proxy_info);
/* IP / PROXY INFO - END */
if (strpos(WPSS_SERVER_NAME_REV, WPSS_DEBUG_SERVER_NAME_REV) === 0) {
global $wpss_geolocation;
if (empty($wpss_geolocation)) {
$wpss_geolocation = rs_wpss_wf_geoiploc($ip, TRUE);
}
} else {
global $wpss_geoloc_short;
if (empty($wpss_geoloc_short)) {
$wpss_geoloc_short = rs_wpss_wf_geoiploc_short($ip);
}
}
/* Sanitized versions for output */
$wpss_http_accept_language = rs_wpss_get_http_accept(FALSE, FALSE, TRUE);
$wpss_http_accept = rs_wpss_get_http_accept();
$wpss_http_user_agent = rs_wpss_get_user_agent();
$wpss_http_referer = rs_wpss_get_referrer(FALSE, TRUE, TRUE);
/* Initial referrer, aka "Referring Site" - Changed 1.7.9 */
if (empty($spamshield_options['hide_extra_data'])) {
$text .= "\r\n";
$text .= '-------------------------------------------------------------------------------------' . "\r\n";
$text .= __('Additional Technical Data Added by WP-SpamShield', WPSS_PLUGIN_NAME) . "\r\n";
$text .= '-------------------------------------------------------------------------------------' . "\r\n";
/* DEBUG ONLY - BEGIN */
if (strpos(WPSS_SERVER_NAME_REV, WPSS_DEBUG_SERVER_NAME_REV) === 0) {
if (!empty($post_ref2xjs)) {
$ref2xJS = addslashes(urldecode($post_ref2xjs));
$ref2xJS = str_replace('%3A', ':', $ref2xJS);
$ref2xJS = str_replace(' ', '+', $ref2xJS);
$ref2xJS = esc_url_raw($ref2xJS);
$text .= "\r\nJS Page Referrer Check: {$ref2xJS}\r\n";
}
if (!empty($post_jsonst)) {
$JSONST = sanitize_text_field($post_jsonst);
$text .= "\r\nJSONST: {$JSONST}\r\n";
}
} else {
if (!empty($post_ref2xjs)) {
$ref2xJS = addslashes(urldecode($post_ref2xjs));
$ref2xJS = str_replace('%3A', ':', $ref2xJS);
$ref2xJS = str_replace(' ', '+', $ref2xJS);
$ref2xJS = esc_url_raw($ref2xJS);
$text .= "\r\n" . __('Page Referrer Check.', WPSS_PLUGIN_NAME) . ': ' . $ref2xJS . "\r\n";
}
}
$text .= "\r\n";
$text .= __('Referrer', WPSS_PLUGIN_NAME) . ': ' . $wpss_http_referer . "\r\n\r\n";
/* Initial referrer, aka "Referring Site" - Changed 1.7.9 */
$text .= __('User-Agent (Browser/OS)', WPSS_PLUGIN_NAME) . ': ' . $wpss_http_user_agent . "\r\n";
if (strpos(WPSS_SERVER_NAME_REV, WPSS_DEBUG_SERVER_NAME_REV) === 0) {
if (!empty($wpss_geolocation) && rs_wpss_is_lang_en_us()) {
/* English only for now; TO DO: TRANSLATE */
$text .= __('Location', WPSS_PLUGIN_NAME) . ': ' . $wpss_geolocation . "\r\n";
}
} else {
if (!empty($wpss_geoloc_short) && rs_wpss_is_lang_en_us()) {
/* English only for now; TO DO: TRANSLATE */
$text .= __('Country', WPSS_PLUGIN_NAME) . ': ' . $wpss_geoloc_short . "\r\n";
}
}
$text .= __('IP Address', WPSS_PLUGIN_NAME) . ': ' . $ip . "\r\n";
$text .= __('Server', WPSS_PLUGIN_NAME) . ': ' . $reverse_dns . "\r\n";
$text .= __('IP Address Lookup', WPSS_PLUGIN_NAME) . ': http://ipaddressdata.com/' . $ip . "\r\n\r\n";
$text .= '(' . __('This data is helpful if you need to submit a spam sample.', WPSS_PLUGIN_NAME) . ')' . "\r\n";
}
return $text;
}
public function check_post_sec()
{
/***
* Check if POST submission is security threat: hack attempt or vulnerability probe
***/
$site_url = WPSS_SITE_URL;
$site_dom = WPSS_SITE_DOMAIN;
$admin_url = WPSS_ADMIN_URL . '/';
$cont_url = WPSS_CONTENT_DIR_URL . '/';
$plug_url = WPSS_PLUGINS_DIR_URL . '/';
$post_count = count($_POST);
$user_agent = rs_wpss_get_user_agent();
$req_url = rs_wpss_casetrans('lower', rs_wpss_get_url());
$req_ajax = rs_wpss_is_ajax_request();
$req_404 = rs_wpss_is_404();
/* Not all WP sites return proper 404 status. The fact this security check even got activated means it was a 404. */
$req_hal = rs_wpss_get_http_accept(TRUE, TRUE, TRUE);
$req_ha = rs_wpss_get_http_accept(TRUE, TRUE);
/* IP / PROXY INFO - BEGIN */
global $wpss_ip_proxy_info;
if (empty($wpss_ip_proxy_info)) {
$wpss_ip_proxy_info = rs_wpss_ip_proxy_info();
}
extract($wpss_ip_proxy_info);
/* IP / PROXY INFO - END */
/* Short Signatures - Regex */
$rgx_sig_arr = array('-e*5l?*B-@yZ_-,8_-lSZ98BC[', '+25-Z9dCZ,87C-7CBlSZ=-C[');
foreach ($_POST as $k => $v) {
$v = rs_wpss_casetrans('lower', $v);
foreach ($rgx_sig_arr as $i => $s) {
/* Switch to single preg_match as this expands, replace nested foreach() */
$sd = rs_wpss_rbkmd($s, 'de');
if (FALSE !== strpos($v, $sd)) {
return TRUE;
}
}
}
/* Full Signatures */
$signatures = array(array('description' => 'Revslider & Showbiz Pro - AJAX Vulnerability', 'post_i_min' => 2, 'post_i_max' => 2, 'target_urls' => array('/wp-admin/admin-ajax.php'), 'ajax_request' => FALSE, '404' => '*', 'session_cookie' => FALSE, 'hal_signature' => array(''), 'ha_signature' => array('', '*/*'), 'key_val_pairs' => array(array('action' => 'revslider_ajax_action', 'client_action' => 'update_plugin'), array('action' => 'showbiz_ajax_action', 'client_action' => 'update_plugin'))), array('description' => 'WP Marketplace <= 2.4.0 & WP Download Manager <=2.7.4 - Remote Code Execution', 'post_i_min' => 5, 'post_i_max' => 5, 'target_urls' => array(), 'ajax_request' => FALSE, '404' => '*', 'session_cookie' => FALSE, 'hal_signature' => array(''), 'ha_signature' => array('', '*/*'), 'key_val_pairs' => array(array('action' => 'wpmp_pp_ajax_call', 'user_login' => '*', 'execute' => 'wp_insert_user', 'role' => 'administrator', 'user_pass' => '*'), array('action' => 'wpdm_ajax_call', 'user_login' => '*', 'execute' => 'wp_insert_user', 'role' => 'administrator', 'user_pass' => '*'))), array('description' => 'WP Symposium <= 14.11 - Shell Upload Vulnerability', 'post_i_min' => 2, 'post_i_max' => 3, 'target_urls' => array('/wp-content/plugins/wp-symposium/server/php/index.php'), 'ajax_request' => FALSE, '404' => '*', 'session_cookie' => FALSE, 'hal_signature' => array(''), 'ha_signature' => array('', '*/*'), 'key_val_pairs' => array(array('uploader_url' => $plug_url . '/wp-symposium/server/php/', 'uploader_uid' => '1'))), array('description' => 'Ultimate Product Catalogue <= 3.11 - Multiple Vulnerabilities', 'post_i_min' => 3, 'post_i_max' => 3, 'target_urls' => array('/wp-content/plugins/ultimate-product-catalogue/product-sheets/wp-links-ompt.php', '/wp-content/plugins/ultimate-product-catalogue/product-sheets/wp-includes.php', '/wp-content/plugins/ultimate-product-catalogue/product-sheets/wp-styles.php'), 'ajax_request' => FALSE, '404' => '*', 'session_cookie' => FALSE, 'hal_signature' => array(''), 'ha_signature' => array('', '*/*'), 'key_val_pairs' => array(array('p2' => '2929', 'abc28' => 'print $_REQUEST[\'p1\'].$_REQUEST[\'p2\']', 'p1' => '4242'), array('p2' => '2929', 'af5f492a1' => 'print $_REQUEST[\'p1\'].$_REQUEST[\'p2\']', 'p1' => '4242'), array('p2' => '2929', 'e41e' => 'print $_REQUEST[\'p1\'].$_REQUEST[\'p2\']', 'p1' => '4242'))), array('description' => 'Ultimate Product Catalogue <= 3.11 - Multiple Vulnerabilities', 'post_i_min' => 1, 'post_i_max' => 1, 'target_urls' => array('/wp-content/plugins/ultimate-product-catalogue/product-sheets/wp-setup.php', '/wp-content/plugins/ultimate-product-catalogue/product-sheets/wp-includes.php'), 'ajax_request' => FALSE, '404' => '*', 'session_cookie' => FALSE, 'hal_signature' => array(''), 'ha_signature' => array('', '*/*'), 'key_val_pairs' => array(array('e51e' => 'die(pi());'), array('af5f492a1' => 'die(pi());'))), array('description' => 'Simple Ads Manager <= 2.5.94 - Arbitrary File Upload', 'post_i_min' => 2, 'post_i_max' => 2, 'target_urls' => array('/wp-content/plugins/simple-ads-manager/sam-ajax-admin.php'), 'ajax_request' => FALSE, '404' => '*', 'session_cookie' => FALSE, 'hal_signature' => array(''), 'ha_signature' => array('', '*/*'), 'key_val_pairs' => array(array('action' => 'upload_ad_image', 'path' => '*'))), array('description' => 'Work The Flow File Upload <= 2.5.2 - Shell Upload', 'post_i_min' => 1, 'post_i_max' => 1, 'target_urls' => array('/wp-content/plugins/work-the-flow-file-upload/public/assets/jquery-file-upload-9.5.0/server/php/index.php', '/assets/plugins/jquery-file-upload/server/php/index.php'), 'ajax_request' => FALSE, '404' => '*', 'session_cookie' => FALSE, 'hal_signature' => array(''), 'ha_signature' => array('', '*/*'), 'key_val_pairs' => array(array('action' => 'upload'))));
/* Run Checks Against Signatures */
foreach ($signatures as $i => $sig) {
if (!empty($sig['post_i_min']) && ($post_count < $sig['post_i_min'] || $post_count > $sig['post_i_max'])) {
continue;
}
if (!empty($sig['target_urls'])) {
$urls_rgx = rs_wpss_get_regex_phrase($sig['target_urls'], '', 'red_str');
if (!preg_match($urls_rgx, $req_url)) {
continue;
}
}
if ($sig['ajax_request'] !== '*' && $sig['ajax_request'] !== $req_ajax) {
continue;
}
if ($sig['404'] !== '*' && $sig['404'] !== $req_404) {
continue;
}
$hal_max = count($sig['hal_signature']) - 1;
$m = 0;
/* Matches */
foreach ($sig['hal_signature'] as $i => $hal_sig) {
if ($hal_sig == $req_hal) {
$m++;
}
if ($i == $hal_max && $m === 0) {
continue 2;
}
}
$ha_max = count($sig['ha_signature']) - 1;
$m = 0;
/* Matches */
foreach ($sig['ha_signature'] as $i => $ha_sig) {
if ($ha_sig == $req_ha) {
$m++;
}
if ($i == $ha_max && $m === 0) {
continue 2;
}
}
foreach ($sig['key_val_pairs'] as $i => $kvp) {
$kvp_max = count($kvp);
$m = 0;
/* Matches */
foreach ($kvp as $k => $v) {
if (!empty($_POST[$k]) && $_POST[$k] === $v || $v === '*' && isset($_POST[$k])) {
$m++;
}
if ($m === $kvp_max) {
return TRUE;
}
}
}
}
return FALSE;
}
