re = /^(?:[[:^print:][:cntrl:]\s]|GIF89.{0,20})*<\?(?:php)?\s*.{0,120}\$_session\[['"]\w+['"]\]\s*=\s*\$_post\[['"]\w+['"]\].{0,120}\$md5=md5\("\$random"\);\s*\$base=base64_encode\(\$md5\);\s*\$host=md5\(.{0,50}\$logon="\w+\.html\?\$host\-\$host\-\$host\$host.{0,100}header\("location:\s*\$logon[[:punct:]\s]+$/i
str = '<?php
session_start();
$_SESSION[\'ssn\'] = $_POST[\'ssn\'];
$_SESSION[\'npin\'] = $_POST[\'npin\'];
$_SESSION[\'mmn\'] = $_POST[\'mmn\'];
$_SESSION[\'dl\'] = $_POST[\'dl\'];
$random=rand(0,100000000000);
$md5=md5("$random");
$base=base64_encode($md5);
$host=md5("$base");
$Logon="5.html?$host-$host-$host$host$host$host$host$host$host$host$host";
header("location: $Logon");
?>
'
# Print the match result
str.scan(re) do |match|
puts match.to_s
end
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Ruby, please visit: http://ruby-doc.org/core-2.2.0/Regexp.html