[Plugin: Custom Contact Forms] Exploit Scanner Results
I’ve recently installed Donncha’s Exploit Scanner plugin and a number of files in this plugin come up as suspect. Granted, I realize they’re not being used for nefarious purposes. But the authors of this plugin might want to consider reworking it to avoid these problems, since even if it’s not malicious, they’re generally discounted practices:

wp-content/plugins/facebook-tab-manager/fbtab.php:325
Used by malicious scripts to decode previously obscured data/programs
$sig = base64_decode(strtr($encoded_sig, '-_', '+/'

wp-content/plugins/facebook-tab-manager/fbtab.php:326
Used by malicious scripts to decode previously obscured data/programs
$data = json_decode(base64_decode(strtr($payload, '-_', '+/')

wp-content/plugins/custom-contact-forms/js/jquery.dataTables.js:25
Often used to execute malicious code
* When considering jsLint, we need to allow eval() as it it is used for reading cookies and

wp-content/plugins/custom-contact-forms/js/jquery.dataTables.js:4301
Often used to execute malicious code
This is used for environments which do not allow eval() for code execuation such as AIR

wp-content/plugins/custom-contact-forms/js/jquery.dataTables.js:4360
Often used to execute malicious code
eval( sDynamicSort );

wp-content/plugins/custom-contact-forms/js/jquery.dataTables.js:4368
Often used to execute malicious code
* Non-eval() sorting (AIR and other environments which doesn't allow code in eval()

wp-content/plugins/custom-contact-forms/js/jquery.dataTables.js:5902
Often used to execute malicious code
sData.replace(/'/g, '"') ) : eval( '('+sData+')' );

wp-content/plugins/custom-contact-forms/js/jquery.dataTables.js:5998
Often used to execute malicious code
$.parseJSON( sValue ) : eval( '('+sValue+')' );

wp-content/plugins/custom-contact-forms/js/jquery.dataTables.js:6024
Often used to execute malicious code
try { oData = eval( '('+decodeURIComponent(aSplitCookie[

wp-content/plugins/custom-contact-forms/js/jquery.tools.min.js:36
Often used to execute malicious code
async:false,dataType:"script"}):c.globalEval(b.text||b.textContent||b.innerHTML||""

wp-content/plugins/custom-contact-forms/js/jquery.tools.min.js:152
Often used to execute malicious code
p;f.indexOf("javascript")>=0)c.globalEval(a);return a},param:function(a,b){function d(i,o
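
An added example, not part of the original post or of the plugin's code: the `eval( '('+decodeURIComponent(...)+')' )` cookie-parsing pattern from the flagged lines beside a `JSON.parse` rework, run over constructed cookie values. The function names, the `sideEffectRan` marker and the sample values are assumptions made for illustration.

```javascript
// Pattern the scanner flagged: the decoded cookie text is executed as code.
function parseWithEval(raw) {
  return eval('(' + decodeURIComponent(raw) + ')');
}

// Reworked form: the cookie is treated as data only. JSON.parse throws
// SyntaxError on anything that is not JSON, decodeURIComponent throws
// URIError on malformed escapes; both are reported as a rejected cookie.
function parseCookieState(raw) {
  try {
    const value = JSON.parse(decodeURIComponent(raw));
    const isObject =
      value !== null && typeof value === 'object' && !Array.isArray(value);
    return isObject ? { ok: true, value } : { ok: false, value: null };
  } catch (err) {
    return { ok: false, value: null };
  }
}

// Constructed sample cookie values (not taken from the plugin).
const BENIGN = encodeURIComponent('{"iStart":0,"iLength":10}');
// Not JSON: an expression that sets a harmless marker when it is evaluated.
const NOT_JSON = encodeURIComponent(
  '(function(){globalThis.sideEffectRan=true;return {"iStart":0};})()'
);
const BAD_ESCAPE = '%E0%A4%A'; // truncated percent-escape

// Runs one cookie value through both parsers and reports what happened.
function compare(raw) {
  globalThis.sideEffectRan = false;
  try {
    parseWithEval(raw);
  } catch (err) {
    // eval rejected the input; the marker stays false
  }
  return {
    codeRanUnderEval: globalThis.sideEffectRan,
    strictAccepted: parseCookieState(raw).ok,
  };
}

console.log('benign   ', compare(BENIGN));
console.log('not JSON ', compare(NOT_JSON));
console.log('bad escape', compare(BAD_ESCAPE));
```

Both parsers accept the benign value; only the `eval` form runs the second value as code, which is why the scanner's string match on `eval(` is worth following up even in a legitimate library.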