1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

There is a plugin download on BHW that will get your site hacked

Discussion in 'BlackHat Lounge' started by pxoxrxn, Nov 10, 2015.

  1. pxoxrxn

    pxoxrxn Supreme Member

    Joined:
    Dec 21, 2011
    Messages:
    1,398
    Likes Received:
    2,073
    The 'GravityForms v1.8.9 + Forms Styler Add-on - WP Plugins' has downloads that are not safe to put on your website. I'm not sure if the code is just old and contains known vulnerabilities or if the plugin has been modified to allow hackers to put files on your websites.

    I'm guessing its just old code with known vulnerabilities. I've found suspicious PHP files in the WP directory for every website that I've used it on. They are all different hacks, from a 'hacked by' page to a script that sends emails titled "fuck you" from [email protected]

    Can admins please remove the links to these files?

    http://www.blackhatworld.com/blackh...forms-v1-8-9-forms-styler-add-wp-plugins.html
     
    • Thanks Thanks x 1
  2. skyfallsdown

    skyfallsdown Regular Member

    Joined:
    Oct 31, 2010
    Messages:
    379
    Likes Received:
    170
    Never tried it myself but thank you for this info mate.