Marvins.php webshell

webshell

The malware is a PHP webshell – a script which, when installed on a compromised system, presents a sophisticated administration platform allowing the attacker to browse the filesystem of the compromised server and to upload, create, edit, download, or delete files. Today we found this new PHP webshell on one of the client servers, which we …

gzpdecode.php

WordPress Vulnerability in Cherry Plugin – Arbitrary File Upload

The vulnerability allows an attacker to upload all types of files without administrator login.

/wp-content/plugins/cherry-plugin/admin/import-export/upload.php

This is fixed in the latest version of Cherry Plugin, but not all customers update their websites and files. Here is the interesting part: botnets search for this old vulnerability, and if they find it they upload malware …

work1.php

This is the old Arbitrary File Upload vulnerability in Cherry Plugin (WordPress). The malware tries to patch .htaccess files and add its own redirect to them. When a user accesses the website with the correct browser, the redirect activates and sends the user to another page. Finally, the malware unlinks (removes) itself.