[tbirnseth]

I noticed on a couple of my client sites the presence of a new malware file.  It is located in the document root of the store and is called 'adminer.php'.   Comments read as follows:
 

/** Adminer - Compact database management
* @link https://www.adminer.org/
* @author Jakub Vrana, http://www.vrana.cz/
* @copyright 2007 Jakub Vrana
* @license http://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
* @license http://www.gnu.org/licenses/gpl-2.0.html GNU General Public License, version 2 (one or other)
* @version 4.2.5
*/

We have added support for diabling this file to our EZ Admin Helper addon.  It is available in version 4.9.33.  If you are a current EZ Admin Helper addon customer, you should be upgraded automatically in the next couple of days.  If you want to force the upgrade, you can use the following URL

[your_admin_url]?dispatch=ez_maint.upgrade.force

which will force the upgrade to happen immediately.

 

If anyone wants to (or has the time to) unpack this file and publish what it does, feel free to contact me and I'll get you a copy.

 

[tbirnseth]

EZ Admin Helper addon has been updated to detect and inoculate a new trojan malware file named adminer.php

 

If you are a current client, you will be automatically upgraded (as with all our addons) in the next couple of days.  I you want to upgrade immediately, use the following url to force the upgrade.

[your admin url]?dispatch=ez_maint.upgrade.force

 

Did not have time to unpack the affected file to see exactly what it does.  But it seems to accept commands from GET parameters and most likely accesses user and order data from your database.

[CS-Cart team]

I noticed on a couple of my client sites the presence of a new malware file.  It is located in the document root of the store and is called 'adminer.php'.   Comments read as follows:
 

/** Adminer - Compact database management
* @link https://www.adminer.org/
* @author Jakub Vrana, http://www.vrana.cz/
* @copyright 2007 Jakub Vrana
* @license http://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
* @license http://www.gnu.org/licenses/gpl-2.0.html GNU General Public License, version 2 (one or other)
* @version 4.2.5
*/

We have added support for diabling this file to our EZ Admin Helper addon.  It is available in version 4.9.33.  If you are a current EZ Admin Helper addon customer, you should be upgraded automatically in the next couple of days.  If you want to force the upgrade, you can use the following URL

[your_admin_url]?dispatch=ez_maint.upgrade.force

which will force the upgrade to happen immediately.

 

If anyone wants to (or has the time to) unpack this file and publish what it does, feel free to contact me and I'll get you a copy.

 

Do you mean this database manager or is it some actual malware renamed to adminer.php that has same comments as the original Adminer script?

 

We often use Adminer when we need to access the database and as far as I understand, many third-party developers use it as well.

[Darius]

yea and sometimes your colleagues forget to remove it..

 

Do you mean this database manager or is it some actual malware renamed to adminer.php that has same comments as the original Adminer script?

 

We often use Adminer when we need to access the database and as far as I understand, many third-party developers use it as well.

[tbirnseth]

As I said, it's encoded so I have no idea what it's doing.  But I'm the primary developer on these sites and if other developers are leaving DB access files in the root of my customer's stores, then I think think that's a security issue and trust issue.  Note also that the modification date on one of my client's sites was from a couple of years ago, but the 'c_time' of the file was from 4/15/19.  My other client had a 4/15/19 date as well.  That's what causing me to be suspicious.

 

If you want to review it, send me and email at support at ez-ms dot com and I'll zip it and send it to you.

[tbirnseth]

Do you mean this database manager or is it some actual malware renamed to adminer.php that has same comments as the original Adminer script?

 

We often use Adminer when we need to access the database and as far as I understand, many third-party developers use it as well.

 

 

Leaving database access files on sites after you're done is a pretty big security issue.  How do we get your support people to clean up after themselves then?

 

I'm going to leave my inoculation in place in EZ Admin Manager since it will then clean up behind you.

[CS-Cart team]

Leaving database access files on sites after you're done is a pretty big security issue.  How do we get your support people to clean up after themselves then?

 

I'm going to leave my inoculation in place in EZ Admin Manager since it will then clean up behind you.

 

 

We usually delete such scripts after examining the installation, but the Adminer script is commonly used not only by our team. So it is reasonable to have such check, although the database cannot be accessed without authorization.

[poppedweb]

We usually delete such scripts after examining the installation, but the Adminer script is commonly used not only by our team. So it is reasonable to have such check, although the database cannot be accessed without authorization.

 

Yeah but that is nothing more than including the config.local.php file