Infected PHP PEAR reverse shell

  • If you installed PEAR PHP in the last 6 months, you may be infected
    IT seems if you installed from default repos, your safe, but using site version your not
    PEAR developers promised a more detailed incident post-mortem when this operation concludes.

    In the meantime, earlier today, the PHP PEAR team also released PEAR v1.10.10, a new PEAR release, which is identical with the previous release v1.10.9, but which the PHP PEAR team uploaded on GitHub to give it a new timestamp and signal that it's a clean version that webmasters can install without fear of downloading a potentially backdoored release

    UPDATE, January 23: In a series of tweets following the publication of this article, the PEAR team has published more details about its recent security breach. The tweets are embedded below:

    In addition, the team at DCSO has also analyzed the malicious backdoor, and confirmed the findings of the PEAR team that it drops a reverse shell on infected hosts, allowing attackers to connect to web servers running a tainted PEAR package.

    Guys I need to be able to download this infected PHP pear how to do so ?? I need to test security scanners for linux

Log in to reply