Sucuri Web RAT
[Nov. 12th, 2015|01:27 am]

I found the "monitoring software" installed by #AV firm #Sucuri (it's available to their subscribers). What I have to say: it's just a RAT, or a web shell, or whatever you want to call it, but its single purpose is to download unknown code from their servers and execute it. The real name for such a thing is a #Trojan #Horse. That's what I used to call these things. More than that, it contains security flaws... You don't just trust them with your data (that's not necessarily bad), but you leave the back door wide open.
I got my hands on the RAT from Sucuri that they install on their clients' sites; how this crap differs from a web shell, for the life of me I can't understand:
curl_setopt($ch, CURLOPT_URL, "https://$MYMONITOR.sucuri.net/imonitor");
...
$my_sucuri_encoding = base64_decode(substr($my_sucuri_encoding, 7));
eval($my_sucuri_encoding);
( list of Sucuri servers )
And for this (and for a few other things):
$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR']
Fingernails should be pulled out. And then the hands. Ж;-]
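
Why the `REMOTE_ADDR` overwrite quoted above is a flaw, and what a safer derivation looks like. This is an added example, not part of the original post and not Sucuri's code; the proxy addresses, the function name `client_ip` and the sample requests are constructed assumptions.

```php
<?php
// Added example, not Sucuri's code. Assumption: the site sits behind reverse
// proxies whose exact addresses are known (constructed values below).
const TRUSTED_PROXIES = ['192.0.2.10', '192.0.2.11'];

/**
 * Return the client address without letting the client choose it.
 * Copying X-Forwarded-For into REMOTE_ADDR for every request means any
 * IP allow-list built on REMOTE_ADDR is decided by a request header.
 */
function client_ip(array $server, array $trusted = TRUSTED_PROXIES): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    // The header is only meaningful when the TCP peer is one of our proxies.
    if (!in_array($peer, $trusted, true)) {
        return $peer;
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    // Walk right to left: the rightmost entries were appended by our own
    // proxies; everything left of the first untrusted hop is client-supplied.
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop and fall back to the peer address
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop;
        }
    }
    return $peer;
}

// Constructed requests: what the header claims vs. what the check returns.
$cases = [
    'direct, header set'   => ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1'],
    'via proxy'            => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7'],
    'via proxy, prepended' => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1, 203.0.113.7'],
    'via proxy, garbage'   => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => 'not-an-ip'],
];
foreach ($cases as $name => $server) {
    printf("%-22s header=%-28s hardened=%s\n", $name, $server['HTTP_X_FORWARDED_FOR'], client_ip($server));
}
```

In the first three cases the hardened function returns 203.0.113.7, the address that actually reached the trusted edge, regardless of what the header's leftmost entry claims; in the last it falls back to the proxy's own address.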