View Single Post
  #5  
Old 15 Aug 2018, 09:39
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Real name: Anthony
You can use these to scan for anything suspicious.


SELECT title, phpcode, hookname, product FROM plugin WHERE phpcode LIKE '%base64%' OR phpcode LIKE '%exec%' OR phpcode LIKE '%system%' OR phpcode like '%pass_thru%' OR phpcode like '%iframe%';


SELECT styleid, title, template FROM template WHERE template LIKE '%base64%' OR template LIKE '%exec%' OR template LIKE '%system%' OR template like '%pass_thru%' OR template like '%iframe%';


Did you locate anything in the apache/nginx etc log related to that attempted post in the cms for that time stamp?
Reply With Quote