为什么正则表达式模式适用于html注释但不适用于php和js注释?

时间:2013-01-13 11:17:03

标签: regex comments

我有这个问题:

我的网站的各个页面(简称:html,php和js)受特洛伊木马(基于NOD32扫描的JS / Kryptik.ADZ)的影响。

每种类型页面中的代码都是这样的:

PHP:

#336988#
echo "<script type=\"text/javascript\" language=\"javascript\" > CODE OF MALWARE </script>";
#/336988#

JS:

/*336988*/
CODE OF MALWARE
/*/336988*/

HTML:

<!--336988-->
<script type="text/javascript" language="javascript" >CODE OF MALWARE</script>
<!--/336988-->

所以我使用Notepad ++和regex用空白文本替换恶意软件。 我的正则表达式是:(<!--|\#|/\*)336988.+/336988(-->|\#|\*/)

但此表达式只能找到HTML。为什么呢?

我不明白。

如果我的英语和我对正则表达式的了解很差,我很抱歉。

由于

卡罗

4 个答案:

答案 0 :(得分:0)

试试这个:

'^.*336988.*[\s\S]*.*336988.*$'

答案 1 :(得分:0)

尝试这个,我遇到了同样的问题并且有效。

/#336988#(.*?)#\/336988#/ism

答案 2 :(得分:0)

Here修复336988,68c8c7,8f4d8e,a59dc4的脚本。

答案 3 :(得分:0)

今天我遇到了同样的问题,但代码不同。此代码影响了aspx,asp,htdocs,html,htm和js文件。在我的Powershell代码下面修复这些文件。对于JS文件,您需要更改行:

    $regex = New-Object System.Text.RegularExpressions.Regex "<!--68c8c7-->((.|\n)*)<!--/68c8c7-->"

到:

    $regex = New-Object System.Text.RegularExpressions.Regex "/\*68c8c7\*((.|\n)*)68c8c7\*/"

和行

    Get-ChildItem . -Recurse -Include *.aspx,*asp,*.html,*.htm | where-object {$_.lastwritetime –gt $DateToCompare} |  %{Write-Host Examining file: $_.fullname; $_} | ForEach-Object { DoWork $_.Name $_.DirectoryName}

为:

    Get-ChildItem . -Recurse -Include *.js | where-object {$_.lastwritetime –gt $DateToCompare} |  %{Write-Host Examining file: $_.fullname; $_} | ForEach-Object { DoWork $_.Name $_.DirectoryName}

下面的代码(这个脚本将创建Backup_ *文件,毕竟你可以删除这些文件):

function tryFixFile($filepath, $filepathBackup)
{   
    $infile = [string]::join([environment]::newline, (get-content -path $filepath))
    $regex = New-Object System.Text.RegularExpressions.Regex "<!--68c8c7-->((.|\n)*)<!--/68c8c7-->"

    if($regex.IsMatch($infile))
    {
        $intAnswer = $WScriptObject.popup("File needs to be change: " + $filepath + " do you want to continue?", 0,"Change File",4)
        If ($intAnswer -eq 6) 
        {
            Write-Host "  Creating backup for file: "  $filepath
            Copy-Item $filepath $filepathBackup
            $replace = $regex.Replace($infile,"")
            $replace | out-file $filepath
        } else 
        {
            $a.popup("File " + $filepath + " won't be changed.")
        }
    }
}

function DoWork($filename, $directory)
{   
    $filepath = $directory + '\' + $filename
    $filepathBackup = $directory + '\' + "Backup_" + $filename

    $WScriptObject = new-object -comobject wscript.shell

    tryFixFile $filepath $filepathBackup
}



$pathToCheck = Read-Host 'WARNING!! Path to check/change?'
if (Test-Path $pathToCheck)
{
    Set-Location $pathToCheck

    #files were affected no longer that 2 days ago, you can change this
    $DateToCompare = (Get-date).AddDays(-2)

    Get-ChildItem . -Recurse -Include *.aspx,*asp,*.html,*.htm | where-object {$_.lastwritetime –gt $DateToCompare} |  %{Write-Host Examining file: $_.fullname; $_} | ForEach-Object { DoWork $_.Name $_.DirectoryName}
}else
{
    write-host "Path doesn't exist"
}
相关问题
最新问题