Exploit Scanner v1.11
3 posts by 2 authors in: Forums > CMS Builder
Last Post: June 15, 2015 (RSS)
Hi
Exploit Scanner has picked up the following potential exploit on one of my systems:
/home/xxxxxx/public_html/list/admin/connect.php (Score: 12)
- PHP Code Match (Score 1): Base64 string of 100+ chars (matched string: $oldpoweredimage = 'iVBORw0KGgoAAAANSUhEUgAAAFgAAAAfCAMAAABUFvrSAAAABGdBTUEAALGPC/xhBQAAAMBQTFRFmQAA...)
- PHP Code Match (Score 10): Base64 string of 1000+ chars (matched string: $oldpoweredimage = 'iVBORw0KGgoAAAANSUhEUgAAAFgAAAAfCAMAAABUFvrSAAAABGdBTUEAALGPC/xhBQAAAMBQTFRFmQAA...)
- PHP Code Match (Score 1): PHP disabling error_reporting (matched string: error_reporting(0))
Scanned: 582 dirs, 10,593 files (3 risks found)Execute time: 0 minutes, 42 seconds
I understand the 1st two messages, but I don't understand the 3rd one. Is some code actually disabling error reporting? It would be nice if exploit scanner would list the line number of the potential exploit!
Ragi
northernpenguin
Northern Penguin Technologies
"Any sufficiently advanced technology
is indistinguishable from magic."
........Arthur C. Clarke
By Dave - June 15, 2015
Hi Ragi,
Yea, that's what's it's doing. error_reporting(0) disables all error reporting. See:
http://php.net/manual/en/function.error-reporting.php
They might have a non-malicious reason for doing that. You can find the line by searching for "error_reporting(0)" in the file.
That only gets a score of 1, though, and you need a score of 10+ to show up. I'd guess the "Base64 string of 1000+ chars" is a false-positive and that $oldpoweredimage is just encoded image data.
But still worth a look just to be sure!
Let me know any questions.
interactivetools.com
Thanks Dave. You are right, the coders turned off error reporting for some reason. I have to look at it in more detail to figure out why, but I suspect lazy coding!
Ragi
northernpenguin
Northern Penguin Technologies
"Any sufficiently advanced technology
is indistinguishable from magic."
........Arthur C. Clarke