submitting "exploits & malware"

Posted: 13 Sep 2018, 05:52
by dvk01
Got a Bayes medium detection today that is definitely an exploit, but I cannot submit it via the CXS interface because it is in a zip
compressed file: revslider/V5rev.php [depth: 1]) Bayes exploit probability score [medium probability]
Original File md5sum d6365dfd71f0d2704f76330ab3b84765

Extracted PHP
MD5 827622aa39b891cb8d9c43f090efceae
SHA-1 91357d31683ce4c9a04ad86c8611cdbe0c6fd0b2
Error: File is not a script.You can only submit script exploit files, not binaries or defacements or injected html files, etc.
Obviously I cannot paste the code here, so how can we submit these detections to get them added to CXS?

Re: submitting "exploits & malware"

Posted: 02 Dec 2018, 22:31
by Firewalls4Life
Found this in the documentation:

I would just recommend you extract the zip and submit the file.

Maybe @ForumAdmin can request a future improvement where a sample can be submitted when it is inside an archive file.

--wttw [file]
This option is available for submitting exploits to ConfigServer if cxs fails to detect it. The file is sent as an attachment via email. It will verify that the script isn't normally detected as a Virus or Fingerprint.

If you want to include a short comment with the submission you can use the --comment "text" option. The text must be enclosed by either single or double quotes, otherwise the comment will be lost.

If you are submitting a false-positive for a fingerprint match, you must use --[no]force to skip the scan check.
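
The steps suggested in this thread (pull the flagged file out of the zip, then submit it with `--wttw`), written out as an added example that is not part of either post and is not ConfigServer's code. The function names, the size cap and the placement of `--comment` after the file argument are assumptions; only the `--wttw` and `--comment` options come from the documentation quoted above.

```python
import hashlib
import shutil
import subprocess
import tempfile
import zipfile
from pathlib import Path

MAX_BYTES = 5 * 1024 * 1024  # assumed cap: scripts are small, this bounds a zip bomb


def extract_member(archive, member, dest_dir):
    """Write one archive member into dest_dir as inert bytes; return (path, md5)."""
    with zipfile.ZipFile(archive) as zf:
        info = zf.getinfo(member)  # KeyError if the scan report named a missing member
        if info.is_dir():
            raise ValueError(f"{member}: not a file entry")
        # Keep only the base name so "../" or absolute paths stored in the
        # archive cannot place the file outside dest_dir.
        out = Path(dest_dir) / Path(member.replace("\\", "/")).name
        with zf.open(info) as src:
            data = src.read(MAX_BYTES + 1)  # do not trust the declared size
        if len(data) > MAX_BYTES:
            raise ValueError(f"{member}: inflated size exceeds cap")
        out.write_bytes(data)
        out.chmod(0o600)  # owner-only, never executable
        return out, hashlib.md5(data).hexdigest()


def build_submission(path, comment):
    """Command line built from the two options in the quoted documentation."""
    return ["cxs", "--wttw", str(path), "--comment", comment]


def submit(archive, member, comment, expected_md5=None):
    """Extract, check the hash against the scan report, then hand the file to cxs."""
    workdir = tempfile.mkdtemp(prefix="cxs-submit-")  # outside any web docroot
    path, md5 = extract_member(archive, member, workdir)
    if expected_md5 and md5 != expected_md5.lower():
        raise ValueError(f"md5 {md5} does not match the scan report")
    cmd = build_submission(path, comment)
    if shutil.which("cxs"):  # run only on a host where cxs is installed
        subprocess.run(cmd, check=True)
    return cmd, md5
```

Passing the list to `subprocess.run` without a shell keeps the comment text as a single argument, which is what the documentation's quoting requirement achieves on the command line.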