Web Application Firewall

A Web Application Firewall protects Web servers from malicious traffic and blocks attempts to compromise the system. While proxies generally protect clients, WAFs protect servers. A WAF is deployed to protect a specific web application or set of web applications. A WAF can be considered a reverse proxy. WAFs may come in the form of … Read more

php fwrite base64 decode

An attacker trying hide malware, before it’s uploaded, fwrite to server and executed. This attacks type uses Cross-Site Request Forgery & Remote Content Execution vulnerability together (CSRF & RCE vulnerability) It’s also base64 encoded content, so it’s more difficult find with scanners. Example – fwrite & base64_encoded malware base64_decode malware When malware uploaded to server … Read more

common.php (Object Injection Vulnerability in Backup & Restore Dropbox)

WordPress plugin Backup & Restore Dropbox have PHP Object Injection Vulnerability. It’s allow remote download malware to the server. This vulnerability founded by pluginvulnerabilities.com and published it. We found that vulnerability try malware download common.php malware to server via FTP Protocol. Real Post Payload First file_get_contents download common.php malware and file_put_contents write it to server. … Read more

Functions.php contains backdoor

This malware is very clever, because it’s hiding Malware Data to inside WordPress database and Itself code in themes functions.php file. Hacker/or botnetwork can always send POST data to update or add a new Data to Database. Same time it puts Malware Data to the PHP script and it loaded, executed and last command it … Read more