Earlier I made a post calling out the wrong people for backdooring the C99.php shell hosted on r57.gen.tr. They look to possibly be only exploiting an already existing vulnerability in the C99 shell. The truth is the C99 shell is just plain backdoored. I’d apologize but the JavaScript tracking on their distributed shells is still pretty sketchy so I have a feeling they are aware of the backdoor.
For those who missed it, the C99 shell has a backdoor due to a vulnerability in the extract() command.
more here.........http://thehackerblog.com/every-c99-php-shell-is-backdoored-aka-free-shells/
For those who missed it, the C99 shell has a backdoor due to a vulnerability in the extract() command.
more here.........http://thehackerblog.com/every-c99-php-shell-is-backdoored-aka-free-shells/