Exploit Scanner v1.11

3 posts by 2 authors in: Forums > CMS Builder
Last Post: June 15, 2015   (RSS)

By Dave - June 15, 2015

Hi Ragi, 

Yea, that's what's it's doing.  error_reporting(0) disables all error reporting.  See:
http://php.net/manual/en/function.error-reporting.php

They might have a non-malicious reason for doing that.  You can find the line by searching for "error_reporting(0)" in the file.

That only gets a score of 1, though, and you need a score of 10+ to show up.  I'd guess the "Base64 string of 1000+ chars" is a false-positive and that $oldpoweredimage is just encoded image data.  

But still worth a look just to be sure!

Let me know any questions.

Dave Edis - Senior Developer
interactivetools.com

Thanks Dave.  You are right, the coders turned off error reporting for some reason.  I have to look at it in more detail to figure out why, but I suspect lazy coding!

Ragi

--
northernpenguin
Northern Penguin Technologies

"Any sufficiently advanced technology
is indistinguishable from magic."
........Arthur C. Clarke