Hello,
We got the same email alert from cxs about the attempt of uploading some exploit via admin-ajax.php.
Web upload script path : ~wp-admin/admin-ajax.php
Web upload script URL : https://our_site.com/wp-admin/admin-ajax.php
Remote IP : 46.246.61.20
‘/tmp/20170602-155521-WTFuSS4VY54AAEzxM1sAAAAP-file-DV4IeU’
(compressed file: revslider/herewgo.php [depth: 1]) Known exploit =
[Fingerprint Match] [PHP Exploit]
We have configured the basic authentication for our_site.com/wp-admin URL but allowed access to the admin-ajax.php file.
Our question: How is it possible to upload an files via admin-ajax.php file?
Thank you.
-
This reply was modified 7 years, 9 months ago by allywhz.
