Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Backdoor:PHP/Remoteshell.V #701

Open
dyrathror opened this issue Sep 26, 2022 · 3 comments
Open

Backdoor:PHP/Remoteshell.V #701

dyrathror opened this issue Sep 26, 2022 · 3 comments

Comments

@dyrathror
Copy link

dyrathror commented Sep 26, 2022

Hi,
my Windows 10 security system alarmed about a PHP backdoor in one of the files from your archive.

Detected: Backdoor:PHP/Remoteshell.V
Details: This program provides remote access to the computer it is installed on.
Affected items:
file: C:\work\Source\advisory-database\advisories\github-reviewed\2022\02\GHSA-673j-qm5f-xpv8\GHSA-673j-qm5f-xpv8.json

After restoring the file and having a look at it, it doesn't look much of a threat to me but then again I didn't analyze the embedded links. Perhaps you want to have a look at it ?!?

best regards,
D.

@darakian
Copy link
Contributor

darakian commented Oct 17, 2022

Hey @dyrathror, I would guess that's a false positive. Is the scanner alerting on a local copy of the json file? If you can you post the contents of that file if they differ from what we have in the repo?

@dyrathror
Copy link
Author

dyrathror commented Oct 17, 2022

Hi @darakian ,
here it is. The Windows Defender jumped at me again when I tried to zip the file so I renamed it to .txt.

GHSA-673j-qm5f-xpv8.txt

@darakian
Copy link
Contributor

darakian commented Oct 17, 2022

Yep that's identical. I would guess it's a windows defender issue. Not sure where to report that bug to though 😞

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants