[WEB SECURITY] Backdoors in web applications

MustLive mustlive at websecurity.com.ua
Sun Dec 16 16:58:27 EST 2012

Hello participants of Mailing List.

I'll tell you briefly about my last publications on backdoors in web
applications topic. These topic should be interesting for you (especially
for those, who haven't read them before).

In February 2011 I've started this topic with my article Placing shells
(backdoors) at web sites
And in November I've continued it with new article and in December I've
published my web application related to this topic. Later I'll write new
articles, which I've planned on this topic, so stay tuned.

1. Injecting backdoors into web applications.

In this article I've told about situation with injecting backdoors into web
applications. I've monitored it since 2007, so I presented a lot of cases,
where servers of popular webapps were hacked and backdoors were injected.
I described main vectors how backdoors are injecting into web applications
and listed backdoored webapps from WordPress in 2007 till Piwik in 2012.

The list includes WordPress, MiniGal, Ucms, Cypress BX script,
com_rsgallery2 gallery for Joomla, com_jumi / jumi for Joomla, PyForum,
phpMyAdmin, Piwik. And I've told about backdoored OpenSSL in Debian,
backdoored OpenSSH in Red Hat Linux and hacks of infrastructure of Linux and
FreeBSD (which happened this year), when servers with sources were
compromised and there were possibilities of backdoor injections. Also I've
mentioned about 2008's article about backdoored exploits.

2. Backdoored Web Application.

On Tuesday I've presented Backdoored Web Application (BWA) - this is small
web applications with built-in backdoor. I position this web application as
reference test of backdoors scanners. All qualitative scanners of backdoors
must find it, otherwise such scanners not good enough. So everyone can use
it to check their scanners.

Best wishes & regards,
Administrator of Websecurity web site

More information about the websecurity mailing list