Detecting Webshell Backdoors on your Webservers Strings Indicators

Here are some strings pulled mostly from the headers and other key pieces of webshells, for use in detection. You can search your network for these strings or write simple rules that match these patterns to find webshells on your network. //Starting calls if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}} .. $shver = "1.0 …

MyBB 1.8.13 – Remote Code Execution + Cross-Site Scripting Vulnerability Exploit Code Proof of Concept

# Exploit Title: RCE in MyBB up to 1.8.13 via installer # Date: Found on 05-29-2017 # Exploit Author: Pablo Sacristan # Vendor Homepage: https://mybb.com/ # Version: Version > 1.8.13 (Fixed in 1.8.13) # CVE : CVE-2017-16780 This RCE can be executed via CSRF but doesn’t require it (in some special cases). The requirements are …

E-Commerce PHP Shopping Cart Script osCommerce 2.3.4.1 – Arbitrary File Upload Vulnerability Exploit Code

# Exploit Title: osCommerce 2.3.4.1 Authenticated Arbitrary File Upload # Date: 11.11.2017 # Exploit Author: Simon Scannell – https://scannell-infosec.net <contact@scannell-infosec.net> # Vendor Homepage: https://www.oscommerce.com/ # Software Link: https://www.oscommerce.com/Products&Download=oscom234 # Version: 2.3.4.1, 2.3.4 – Other versions have not been tested but are …