Viewing 13 replies - 1 through 13 (of 13 total)
  • Thread Starter jimisaacs

    (@jimisaacs)

    I finally took a closer look at this file, and it’s pretty open.

    There is no nonce in use here, and I see a possible mysql injection vulnerability here:
    $data = $wpdb->get_row("select * from ahm_files where id='$id'",ARRAY_A);

    It also outputs full file paths on error for example:
    die("".dirname(__FILE__).'/cache/ is missing!' );

    This is just in the top 20 lines.
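    The two patterns quoted above, placed beside a hardened equivalent that uses the WordPress APIs for the job. This is an added example written for this thread, not code from the plugin or from the poster; the table name ahm_files is taken from the quoted line, while the function names, the nonce action 'ahm_download' and the text domain 'ahm-example' are assumptions made for the illustration.

```php
<?php
// Added example (not the plugin's code). Assumes the $wpdb global and the
// WordPress helper functions available inside any plugin.

// Pattern quoted in the thread: $id is interpolated straight into the SQL
// text, so the query shape depends on whatever the request carried.
function ahm_get_file_unsafe( $id ) {
    global $wpdb;
    return $wpdb->get_row( "select * from ahm_files where id='$id'", ARRAY_A );
}

// Hardened equivalent:
// 1. verify a nonce so the request came from a link this site issued;
// 2. coerce the id to an integer and bind it through $wpdb->prepare();
// 3. on a missing cache directory, log the path for the admin and show the
//    visitor a generic message instead of the server's filesystem layout.
function ahm_get_file_safe() {
    global $wpdb;

    // Nonce action name 'ahm_download' is an assumption for this example.
    $nonce = isset( $_GET['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'ahm_download' ) ) {
        wp_die( esc_html__( 'Invalid request.', 'ahm-example' ), '', array( 'response' => 403 ) );
    }

    // absint() yields a non-negative integer; 0 means "no usable id".
    $id = isset( $_GET['id'] ) ? absint( $_GET['id'] ) : 0;
    if ( 0 === $id ) {
        wp_die( esc_html__( 'Invalid file id.', 'ahm-example' ), '', array( 'response' => 400 ) );
    }

    // %d makes prepare() emit an integer literal, so the value is data, never SQL.
    $row = $wpdb->get_row(
        $wpdb->prepare( 'SELECT * FROM ahm_files WHERE id = %d', $id ),
        ARRAY_A
    );

    $cache_dir = dirname( __FILE__ ) . '/cache/';
    if ( ! is_dir( $cache_dir ) ) {
        // Detail goes to the server log, not to the HTTP response.
        error_log( 'download handler: cache directory missing: ' . $cache_dir );
        wp_die( esc_html__( 'Download temporarily unavailable.', 'ahm-example' ), '', array( 'response' => 500 ) );
    }

    return $row;
}

// Where the download link is generated, attach the matching nonce so the
// check above can succeed (assumed URL shape for the example):
// $url = wp_nonce_url( home_url( '/?id=' . $file_id ), 'ahm_download' );
```

    The nonce only proves the link was minted by this site for this action within WordPress's nonce lifetime; the prepare() call is what removes the injection concern, and the two are independent controls.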

    Thread Starter jimisaacs

    (@jimisaacs)

    I have to be honest, if this is the first 20 lines of code I see, I’m pretty worried about the rest of this plugin.

    Plugin Author Shahjada

    (@codename065)

    What reason did your hosting company give you, and could you please tell me how you found the vulnerability in the code? That would be a great help for me and thousands of other users who are using wpdm.

    Thread Starter jimisaacs

    (@jimisaacs)

    I’m still trying to get more specifics out of them. Everything I’ve said and looked for so far is just speculation by me. I’ll update this thread when I get something more concrete from them.

    Plugin Author Shahjada

    (@codename065)

    BTW, the lines you mentioned in your reply are completely safe. But please let me know if you find any weak point. That will help me a lot :).

    Thread Starter jimisaacs

    (@jimisaacs)

    Shaon,

    Thanks for the reply. I received a response, but unfortunately it’s pretty general at the moment. To summarize, they said the wp-content/plugins/download-manager/process.php script was causing a server overload (I’m also on shared hosting). They couldn’t give me any more information, but I replied asking for more if possible; I even referenced this thread in the ticket.

    Thread Starter jimisaacs

    (@jimisaacs)

    I have enabled the plugin again, and it is being monitored by my hosting provider, so I should be able to update this thread with more info if the same thing happens again.

    Plugin Author Shahjada

    (@codename065)

    OK, then it’s not a problem with the code actually :). “Causing a server overload” may be because of huge downloads from your site and your hosting provider trying to limit it.

    Thread Starter jimisaacs

    (@jimisaacs)

    I’m sorry, but I’m not an ignoramus. The biggest download on my site is 2MB. Not huge. I haven’t added a new download in 3 years.

    I think I need to copy and paste what I wrote at the beginning of this thread, “Hello, I recently installed this plugin to replace Download Monitor that I’ve used for a few years now.”

    All this happened only after I changed to Download Manager. Nothing really changed in download sizes from one plugin to another. But one caused a server overload somehow, and the other did not.

    It was reported that there were XSS vulnerabilities with this plugin, but I think they’ve been updated…
    osvdb.org

    Just tested this plugin and it’s awesome. I hope the vulnerabilities are all gone.

    Thread Starter jimisaacs

    (@jimisaacs)

    @rwilki Thanks for the link; this one https://osvdb.org/show/osvdb/92119 in particular caught my eye, as the disclosure date was yesterday. I was thinking a hacker may have exploited a vulnerable link (or many of them) on my site and caused a server overload. This is again just speculation by me.

    Thread Starter jimisaacs

    (@jimisaacs)

    OK, follow-up on the last comment: this is not the plugin we are discussing, but this one https://www.ads-software.com/extend/plugins/wp-downloadmanager/

  • The topic ‘Malicious Software – process.php’ is closed to new replies.