News: phpMyFAQ Project Backdoored
Heh… This week has more disclosed hacks and discovered backdoors than killed bug. :P
This one was disclosed by VUPEN Security and it’s about this PHP project. The backdoor is installed in releases 2.6.11 and 2.6.12 and it’s placed in getTopTen() function located in inc/Faq.php file. For completeness, here is the official VUPEN’s security advisory for this backdoor, and here is the project’s one.
Unfortunately, the backdoored version of the project was removed from the tubes and that’s why the hacked code isn’t part of this post. :(
If you have the source code of inc/Faq.php downloaded between December 4 and 15 and you want me to publish it here, drop me an email.