Website Backdoor – Page 2 – WindowsTechs.com

Backdoor Obfuscation: tempnam & URL Encoding

Posted on September 28, 2020 by Luke Leal

In an attempt to avoid detection, attackers and malware authors are always experimenting with different methods to obfuscate their malicious code.
During a recent investigation, we came across an interesting backdoor that was leveraging encoding along… Continue reading Backdoor Obfuscation: tempnam & URL Encoding→

The Hidden PHP Malware that Reinfects Cleaned Files

Posted on September 18, 2020 by Luke Leal

Website reinfections are a serious problem for website owners, and it can often be difficult to determine the cause behind the reinfection — especially if you lack access to necessary logs, which is usually the case for shared hosting services.
Some o… Continue reading The Hidden PHP Malware that Reinfects Cleaned Files→

Using assert() to Execute Malware in PHP 7 Environments

Posted on September 1, 2020 by Krasimir Konov

Initially released December 2015, PHP 7 introduced a multitude of performance and security improvements. Approximately 43.7% of websites across the web currently use PHP 7.x, making it an incredibly popular scripting language — which is likely why att… Continue reading Using assert() to Execute Malware in PHP 7 Environments→

Smoker Backdoor: Evasion Techniques in Webshell Backdoors

Posted on August 13, 2020 by Luke Leal

“Smoker Backdoor” is a PHP webshell backdoor that uses hexadecimal and decimal obfuscation in conjunction with the PHP function goto to evade detection from malware scanners.
The hexadecimal/decimal obfuscation is clear to see when viewing the file’s … Continue reading Smoker Backdoor: Evasion Techniques in Webshell Backdoors→

PHP Backdoor Obfuscated One Liner

Posted on August 5, 2020 by Luke Leal

In the past, I have explained how small one line PHP backdoors use obfuscation and strings of code in HTTP requests to pass attacker’s commands to backdoors. Today, I’ll highlight another similar injection example and describe some of the … Continue reading PHP Backdoor Obfuscated One Liner→

Vulnerabilities Digest: July 2020

Posted on August 3, 2020 by John Castro

Relevant Plugins and Vulnerabilities:
PluginVulnerabilityPatched VersionInstalls
Asset CleanUp: Page Speed
Authenticated XSS
1.4.6.7
80000
Quiz And Survey Master
Authenticated Stored XSS
7.0.0
30000
Comments – wpDiscuz 7.0.0 –
Arbitrary Fi… Continue reading Vulnerabilities Digest: July 2020→

Reverse String WooCommerce WordPress Credit Card Swiper

Posted on July 27, 2020 by Ben Martin

As 2020 continues to be the worst year in almost anybody’s lifetime, allow me to take this opportunity to stoke the fires of your existential dread even further. As a sequel to my last blog post earlier this year about the credit card swiper tha… Continue reading Reverse String WooCommerce WordPress Credit Card Swiper→

Malicious Magento User Creator

Posted on July 21, 2020 by Krasimir Konov

We recently found a simple malicious script leveraging Magento’s internal functions to create a new admin user with the admin role “Inchoo” ⁠— probably referring to a Croatian Magento consulting company.
The script is sim… Continue reading Malicious Magento User Creator→

Pirated WordPress Plugins Bundled with Backdoors

Posted on July 8, 2020 by Luke Leal

One widespread belief among webmasters is that attackers typically only compromise websites in a couple of ways: by exploiting vulnerabilities or stealing login credentials.
Although these are certainly two of the more common attack vectors, another m… Continue reading Pirated WordPress Plugins Bundled with Backdoors→

PinnacleCart Server-Side Skimmers and Backdoors

Posted on April 22, 2020 by Denis Sinegubko

While open-source ecommerce platforms are the most common targets for web skimmers, hackers also target paid-for software — especially if it’s used on high-profile online stores with large user-bases.
This time, our analysts Kara Federow a… Continue reading PinnacleCart Server-Side Skimmers and Backdoors→