Archive | January, 2017


When a website gets hacked, one thing we know for sure is that attackers love to leave malware that allows them access back into the site in future. This type of malware is called a backdoor. This type of malware was named this because it allows for remote control of a compromised website in a […]

Continue Reading

Web Application Firewall

A Web Application Firewall protects Web servers from malicious traffic and blocks attempts to compromise the system. While proxies generally protect clients, WAFs protect servers. A WAF is deployed to protect a specific web application or set of web applications. A WAF can be considered a reverse proxy. WAFs may come in the form of […]

Continue Reading

php fwrite base64 decode

An attacker trying hide malware, before it’s uploaded, fwrite to server and executed. This attacks type uses Cross-Site Request Forgery & Remote Content Execution vulnerability together (CSRF & RCE vulnerability) It’s also base64 encoded content, so it’s more difficult find with scanners. Example – fwrite & base64_encoded malware base64_decode malware When malware uploaded to server […]

Continue Reading

common.php (Object Injection Vulnerability in Backup & Restore Dropbox)

WordPress plugin Backup & Restore Dropbox have PHP Object Injection Vulnerability. It’s allow remote download malware to the server. This vulnerability founded by and published it. We found that vulnerability try malware download common.php malware to server via FTP Protocol. Real Post Payload First file_get_contents download common.php malware and file_put_contents write it to server. […]

Continue Reading

Functions.php contains backdoor

This malware is very clever, because it’s hiding Malware Data to inside WordPress database and Itself code in themes functions.php file. Hacker/or botnetwork can always send POST data to update or add a new Data to Database. Same time it puts Malware Data to the PHP script and it loaded, executed and last command it […]

Continue Reading