Missed virus (False Negative)

  • Resolved nargopolis

    (@nargopolis)


    10 years, 9 months ago

    Antivirus unfortunately didn’t catch this virus. The following PHP was inserted into my footer:

    <?php $_c='#333'; $f = dirname(__FILE__) . "/footer_top.php"; if(file_exists($f) && is_readable($f)) require_once($f); ?>

    Which resulted in the following HTML:

    <span id="abe1a94c">Working <a href="https://pixum-gutschein.webs.com/" target="_blank">Pixum Gutschein</a> for shops. Pixum gutschein for free.</span>

    Here are the contents of footer_top.php:

    [ Deleted, please do not post that here ]

    https://www.ads-software.com/plugins/antivirus/

Viewing 1 replies (of 1 total)

  • require_once is a blacklisted string, can be used by potential attackers. Mark the line as “not a virus”, if you know what you’re doing.

Viewing 1 replies (of 1 total)
  • The topic ‘Missed virus (False Negative)’ is closed to new replies.