Magento Webforms Upload Vulnerability

In ModSecurity auditlog we found magento webforms upload vulnerability. Looking better POST payload, found this image.phtml script, which first uploaded to customer website. If index.php / image.phtml file success uploaded, it can access from www and executed! image.phtml   First it send email to fileputcontent@gmail.com notify details like Hostname, URL, IP:   Then it try … Read more

PHP_SESSION_PHP

We found old cookie (PHP_SESSION_PHP) based hidden redirect in joomla. These two modified files found when we search files: Normal part of these files look like this: But then malware begin (SECOND PART), so rest of file: Also different urls found: Decoded these: Here list that website’s set PHP_SESSION_PHP cookie: https://webcookies.org/cookie/http/PHP_SESSION_PHP/41265 You can manually clean … Read more