New hack script format (cxs may need update)
Posted: 02 Oct 2011, 18:14
Hi folks,
I've just started observing a relatively new format for the gzinflate/base64 hacks, now starting with:
<?php $D=strrev('edoced_46esab');$s=gzinflate
Here is a picture snippet of a hack I observed this past week, which CXS does not pick up as a hack (when it should have).
It's a pretty egregious web orb / filesman type hack which CXS should have caught:
http://tvcnet.net/images/tutorials/2011-10-02_1008.png
You folks need anything further from me to improve CXS in catching these from now on?
You'll find a discussion on this script which CXS missed here. Search on page for: gzinflate($D('7X1te9s2suh3
http://ksforum.inboxrevenge.com/viewtop ... 5&start=15
-Jim
I've just started observing a relatively new format for the gzinflate/base64 hacks, now starting with:
<?php $D=strrev('edoced_46esab');$s=gzinflate
Here is a picture snippet of a hack I observed this past week, which CXS does not pick up as a hack (when it should have).
It's a pretty egregious web orb / filesman type hack which CXS should have caught:
http://tvcnet.net/images/tutorials/2011-10-02_1008.png
You folks need anything further from me to improve CXS in catching these from now on?
You'll find a discussion on this script which CXS missed here. Search on page for: gzinflate($D('7X1te9s2suh3
http://ksforum.inboxrevenge.com/viewtop ... 5&start=15
-Jim