Backdoor lets Hackers Execute PHP Code

Thursday, September 27, 2012 @ 04:09 PM gHale

A kit on the mirror system contains a backdoor that allows remote attackers to execute arbitrary PHP code.

Tencent Security Response Center notified developers that the distribution contains a malicious file.


The affected mirror is cdnetworks-kr-1, with the backdoor located in the server_sync.php file.

Apparently, this isn’t the only corrupt file. The phpMyAdmin development team said a second file, js/cross_framing_protection.js, also underwent modification. The vulnerability is critical.

Users who downloaded from the mirror should check if the download contains the server_sync.php file.

If the file is present, users should download the entire distribution once again from a trusted mirror.
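The check described above can be scripted. The following is an added example, not code from phpMyAdmin or the original article; it assumes the download is an extracted directory, a zip archive or a tar archive, and the function names are illustrative.

```python
import os
import tarfile
import zipfile

# File name the article gives as the marker of a backdoored download.
# The second file it names, js/cross_framing_protection.js, was modified,
# which a presence check cannot detect, so it is not tested here.
INDICATOR = "server_sync.php"


def _names(path):
    """Yield member paths of a directory tree, zip archive or tar archive."""
    if os.path.isdir(path):
        for root, _dirs, files in os.walk(path):
            for name in files:
                yield os.path.join(root, name)
    elif zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            yield from zf.namelist()
    elif tarfile.is_tarfile(path):
        with tarfile.open(path) as tf:
            yield from tf.getnames()
    else:
        raise ValueError(f"not a directory, zip or tar archive: {path}")


def find_indicator(path):
    """Return every member whose base name is server_sync.php."""
    hits = []
    for name in _names(path):
        # Normalise separators so Windows-built archives match too.
        base = name.replace("\\", "/").rsplit("/", 1)[-1]
        if base.lower() == INDICATOR:
            hits.append(name)
    return sorted(hits)


if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:
        hits = find_indicator(target)
        if hits:
            print(f"{target}: FOUND {', '.join(hits)}; "
                  "discard and re-download from a trusted mirror")
        else:
            print(f"{target}: {INDICATOR} not present")
```

Run it with one or more paths as arguments; names are listed without extracting or executing anything from the archive.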
