Once the event is fired (whenever someone publishes a new comment), the customized_posts table (wp_posts) will be updated in order to add malicious code in those uninfected posts.
Php code hacked to backdoors to update#
UPDATE customized_posts SET post_content=IF(post_content like '%test.js%', post_content, CONCAT(post_content, '')) where post_status like '%publish%' delimiter //ĬREATE TRIGGER add_js BEFORE INSERT ON customized_comments FOR EACH ROW For example, regarding WordPress, we can automate the addition of a malicious JavaScript on all those posts published in the particular moment when someone writes a comment on any post. The basic concept consists on the automatic execution of SQL statements when a new event is created. Therefore, it is necessary that the user holds the TRIGGER privilege in order to create a trigger on a table.īackdoors in SQL base their performance on triggers. For example, we can create a “trigger” to run a SQL statement when a particular table is updated. Backdoors in SQL using triggersĪ “trigger” in MySQL is a database object that is associated to a table and activated whenever a particular event is triggered.
Besides, it is also important providing training regarding the detection of this kind of techniques.ĭespite the following examples refer to WordPress, they can be applied to any other platform. Moreover, persistence affecting database is ignored.ĭuring Red Team exercises, it is important to use different persistence methods aimed at detecting deficiencies in the methodologies used by Blue Team defenders when cleaning up a compromised server. Generally, protocols followed in order to get rid of attacker’s persistence in any compromised web environment are not exhaustive enough. Using backdoors in SQL as a persistence method in compromised web environments is not only an old but also an exceptionally effective technique.
0 kommentar(er)
