From 9fd2aaab0bd15fe0c6f11e61d832d026d5be796c Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?= <roland@mxchange.org>
Date: Mon, 9 Jun 2025 00:10:16 +0200
Subject: [PATCH] Continued: - sorted commands

---
 libs/lib_detector.php | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/libs/lib_detector.php b/libs/lib_detector.php
index c139b28..4266f18 100644
--- a/libs/lib_detector.php
+++ b/libs/lib_detector.php
@@ -174,19 +174,26 @@ function initCrackerTrackerArrays () {
 		// SQL commands
 		'drop database', 'drop table',
 
-		// Compiler/interpreter
-		'bin/g++ ', 'bin/c++ ', 'cc ', 'bin/python', 'bin/python', 'bin/tclsh',
-		'bin/tclsh', 'bin/nasm', '/perl', 'wget ', 'system(', 'curl ',
+		// Compiler / interpreter (Linux)
+		'bin/g++ ', 'bin/c++ ', 'cc ', 'bin/python', 'bin/tclsh', 'bin/nasm', 'bin/perl',
+
+		// Fetch tools
+		'wget ', 'curl ',
 
 		// Windows-related
 		'cmd.exe', 'nc.exe', 'ftp.exe', 'powershell', 'system.net.webclient',
+		'perl.exe', 'python.exe', 'python3.exe', 'bash.exe',
 
 		// php.ini settings
 		'allow_url_fopen', 'allow_url_include', 'auto_prepend_file', 'disable_functions', 'safe_mode',
 
-		// PHP commands/scripts
+		// PHP commands to execute local shell commands
+		// @see https://de.php.net/<system|passtyhru>
+		'system(', 'passthru',
+
+		// More PHP commands/scripts
 		'fopen', 'fwrite', 'phpinfo()', '\<?', '?\>', 'base64_decode', 'file_put_contents',
-		'set_magic_quotes_runtime', 'set_magic_quotes_runtime', 'display_errors', 'passthru',
+		'set_magic_quotes_runtime', 'set_magic_quotes_runtime', 'display_errors',
 		'set_time_limit',
 
 		// Server configuration (e.g. Apache)
-- 
2.39.5