Sneaky code injection

Found this nugget the other day while cleaning out a wordpress site. It was put in a file called ‘widget-footer.php’ which was a part of their wordpress theme: So, you may be asking – what does it do? It checks to see if the user is logged in,...
Continue reading

Decoding a Shell

Original filename: zt.php If you just executed the file, you simply see a password prompt – this indicates that it’s more than likely some type of php shell. To find out what it does, we have to de-obfuscate it.
Continue reading