[Plugin: Exploit Scanner] Running exploit Scanner on 3.1 – is there any point?

  • Is there any point in running exploit Scanner on 3.1 RC2 installs?

    I did, and came up with 73 severe warnings, with a lot of these, for example:

    explode(‘:’, base64_decode(substr($

    and

    // eval(‘$v_result

    I’m not sure what to make of that.

    Any guidance on how to interprate that kind of thing, or do I need to tear my site down (only a wireframe at this point) and reinstall 3.0.4?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Jon Cave

    (@duck_)

    Since there are no file hashes for 3.1 core files yet (they are still liable to change, so hashes will not be available until final release), yes you will get warnings about ‘bad’ code within core files.

    You will have to use your judgment on how to interpret these, but I do not want to discourage you from developing on RC2 so maybe waiting until final release before using an updated Exploit Scanner is the best option. I would imagine these are probably fine, unless any are marking 3rd-party plugins which I cannot be certain about.

    Thread Starter modwor

    (@modwor)

    Hi, Jon,
    Thanks for the reply, and the good info.

    There were eval( and base64 in 3rd party plug-ins.
    I guess there are valid reasons for these PHP codes being used.

    Should I always be concerned when I see those terms, or do they have to be interpreted in context?

    In any regards, I decided to do a reinstall, and with the new install, and less plug-ins, I see none of those at this point.

    Thanks,
    Modstu

    Plugin Author Jon Cave

    (@duck_)

    They should always be interpreted in context, base64 etc. alone is not enough to definitively prove malicious code it is just a common indicator.

    Thread Starter modwor

    (@modwor)

    Thanks for the info, Jon.
    Have a great weekend.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘[Plugin: Exploit Scanner] Running exploit Scanner on 3.1 – is there any point?’ is closed to new replies.