Search the Community

Showing results for tags 'execution'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Welcome to ProcessWire
    • News & Announcements
    • Showcase
    • Wishlist & Roadmap
  • Community Support
    • Getting Started
    • Tutorials
    • FAQs
    • General Support
    • API & Templates
    • Modules/Plugins
    • Themes and Profiles
    • Multi-Language Support
    • Security
    • Jobs
  • Off Topic
    • Pub
    • Dev Talk

Product Groups

  • ProDrafts
  • ListerPro
  • ProFields
  • ProCache
  • Form Builder
  • Likes
  • ProDevTools
  • Custom Development

Categories

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests

Found 1 result

  1. mrjasongorman

    This isn't related to Processwire, but just so the PW community is aware, today we discovered several malicious files in our server (Wordpress environment). The code in the files ultimately allows for the same thing, remote code execution. I'm guessing some security hole allowed an attacker to execute code via a plugin, which wrote a file to www.example.com/dump.php This file contained the following code: http://pastebin.com/dsLZnbCW After deciphering it slightly: http://pastebin.com/NiCe9ftn I then realised it was looking for a post request variable "n59a097" Malicious code was then being sent base64 encoded to this post variable, where it was then being decoded and run through the eval() function. Digital Ocean alerted us of the issue, after our server had been reported to them for sending out spam email. Just a heads up really as to the possibility of security holes allowing simple files to be written, that then allow for remote code execution. I'm sure Processwire is far less a target than Wordpress for these types of exploits but keep an eye out.