PHP exploit in tiny_mce, htmlpurifier and theme/hesk3

Posted: Fri Mar 10, 2023 8:08 am
by paratodos.pro
Script URL: https://peticiones.paratodos.pro/
Version of script: 3.4.2
Hosting company: Raiola Networks (Spain)
URL of phpinfo.php: https://peticiones.paratodos.pro/phpinfo.php
URL of session_test.php: https://peticiones.paratodos.pro/session_test.php
What terms did you try when SEARCHING for a solution:
- exploit php Help Desk Software HESK
- exploit php HESK
- tiny_mce exploit php

Write your message below:

Hello everyone.

Several times my hosting provider has informed me that we have malware in the HESK folder.

This time they are these:
  • /inc/htmlpurifier/standalone/HTMLPurifier/class.php | [PHP Exploit]
  • /inc/tiny_mce/5.10.5/icons/type.php | [PHP Exploit]
  • /inc/tiny_mce/5.10.5/skins/ui/oxide-dark/fonts/library.php | [PHP Exploit]
  • /inc/tiny_mce/5.10.5/skins/ui/oxide/fonts/defense.php | [PHP Exploit]
  • /inc/tiny_mce/5.10.6/skins/ui/oxide-dark/fonts/security.php | [PHP Exploit]
  • /theme/hesk3/customer/create-ticket/module.php | [PHP Exploit]
The tiny_mce is easy, I will remove the folders because we don't use it. But I don't know how to clean and protect them.

Thanks for helping me.

Re: PHP exploit in tiny_mce, htmlpurifier and theme/hesk3

Posted: Fri Mar 10, 2023 8:51 am
by Klemen
The files you mention are not from Hesk, someone created them there. It's a standard tactic hackers use when trying to hide their activity/initial attack vector and install backdoors on the servers.

I recommend that you:
- change all your passwords, starting with your FTP (web hosting) password
- update all the software you run on the server
- delete all files not included with the original software
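
One way to carry out the last recommendation, as an added example that is not part of the original posts or of Hesk: compare the live install against a clean unpacked copy of the same release and list files that are absent from it or altered. The sample trees, the `attachments/` prefix and the file contents are constructed; `manifest`, `audit` and `build_sample` are hypothetical helper names.

```python
import hashlib
import os
import tempfile


def manifest(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):  # record the target instead of following it
                digests[rel] = "symlink:" + os.readlink(full)
                continue
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def audit(live_root, clean_root, skip_prefixes=()):
    """Compare a live install with a clean unpacked release of the same version.

    Returns (extra, modified). skip_prefixes names paths expected to differ,
    such as upload directories (an assumption the caller must review).
    """
    skip = tuple(skip_prefixes)
    live = {p: d for p, d in manifest(live_root).items() if not p.startswith(skip)}
    clean = manifest(clean_root)
    extra = sorted(set(live) - set(clean))
    modified = sorted(p for p in live if p in clean and live[p] != clean[p])
    return extra, modified


def build_sample():
    """Constructed trees: a 'release' and a 'live' copy with planted files."""
    clean, live = tempfile.mkdtemp(), tempfile.mkdtemp()
    release = {"index.php": b"<?php // app", "inc/common.inc.php": b"<?php // lib"}
    planted = {"inc/tiny_mce/5.10.5/icons/type.php": b"<?php // dropped file",
               "attachments/upload.pdf": b"%PDF", "index.php": b"<?php // altered"}
    for root, files in ((clean, release), (live, {**release, **planted})):
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
    return live, clean


if __name__ == "__main__":
    print(audit(*build_sample(), skip_prefixes=("attachments/",)))
```

Files reported as modified matter as much as the extra ones: replace them from the clean release rather than editing them in place, and review anything under a skipped prefix by hand.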