wp-crawl.php

Malware details

WordPress Duplicator version below <1.2.42 have Remote Code Execution (RCE) vulnerability, which allow modify wp-config.php file and inject malicious PHP code in there. Vulnerable code in this case isn’t present within the Duplicator plugin directory itself. The flaw becomes exposed when using Duplicator to migrate or restore a backed-up copy of a WordPress site. Reminder … Read more

RCE Attempts Against the Latest WordPress API Vulnerability

We are see remote command execution (RCE) attempts trying to exploit the latest WordPress API Vulnerability. The attackers trying to exploit sites that have plugins like the Insert PHP, Exec-PHP and similar installed plugins. These plugins, allow users to insert PHP code directly into the posts as a way to make customizations easier. Coupled with … Read more

php fwrite base64 decode

An attacker trying hide malware, before it’s uploaded, fwrite to server and executed. This attacks type uses Cross-Site Request Forgery & Remote Content Execution vulnerability together (CSRF & RCE vulnerability) It’s also base64 encoded content, so it’s more difficult find with scanners. Example – fwrite & base64_encoded malware base64_decode malware When malware uploaded to server … Read more