Archive by category Malware Analysis
Older versions of OpenCart < v5 had a reflective Cross Site Scripting Vulnerability. I requested this CVE, but never published it because I got busy with other work. So I thought better late than never 🙂
Discovery Date: 04/28/2014
Vendor Notified: 04/30/2014
CVE Assigned: 05/01/2014
Update Released: 06/01/2014...
March 19, 2016 cjchamber
* Exploit Title: Reflective XSS
* Discovery Date: 02/09/2016
* Public Disclosure Date: 03/10/2016
* Exploit Author: CJ Chamberland
* Contact: @cjchamberland - http://cjchamberland.com
* Vendor Homepage: formtoemail.com
* Software Link: formtoemail.com (formtoemail.php free is available for download from this site)
* Version: 2.5
* Tested on: apache/mac os...
March 11, 2016 cjchamber
I come across a site every once in a while where the malware isn’t actually in the files – but in the database. I would say this type of occurrence happens in about 1 out of every 100 sites I see. Here is a very easy way to...
March 12, 2015 cjchamber
Today I came across a nasty little booger. It’s added to the wp-includes/swfobject.js file and they used the wp-includes/tempate-loader.php to load it. I did notice from another message board that it has been around for at least a few weeks, but apparently people are just now discovering it...
December 15, 2014 cjchamber
I have had a few clients ask about their sites being framed to load on other sites without their permission and if there is anything they can do about it. Attackers sometimes do this in “Phishing” attempts. Visitors think they are going to the legitimate site, when in...
January 26, 2014 cjchamber
This was uncovered in several Joomla installs last week. Apparently the attackers install some “Fake” modules (in these cases it was mod_administrator, mod_msn, and mod_araticlhess that were discovered and removed). Not sure yet if they are related, but it appears they are, I just need to do more...
January 15, 2014 cjchamber
Found this nugget the other day while cleaning out a WordPress site. It was put in a file called ‘widget-footer.php’ which was a part of their WordPress theme: So, you may be asking – what does it do? It checks to see if the user is logged in,...
December 10, 2013 cjchamber
Original filename: zt.php
If you just execute the file, you simply see a password prompt – this indicates that it’s more than likely some type of PHP shell. To find out what it does, we have to de-obfuscate it.
December 4, 2013 cjchamber