The host of the server I work on switched off the site just today after x-trolley was installed, because the following commands were issued on the server and they think it is a security breach:

  • ls -la 2>&1
  • id 2>&1whoami 2>&1
  • id 2>&1
  • mkdir 123
  • pwd 2>&1
  • echo 1

The server is running Linux (of some type, unsure which) and there's no SSH access. I am not 100% sure it's x-trolley that issued these commands, although searching through the setup script I can see there are a couple of commands that could explain a couple of those in xcheck.php:

@exec( "echo 1", $o, $e);

@exec( $this->test." 2>&1", $this->data, $code);

However, I grepped the whole source of the store dir (and a few other x-trolley files) for 'whoami' and 'id', and could not find anything.

The host (and also the person I am employed by) need to be fairly sure it hasn't been compromised.

I traced the code back as far as I possibly could, but could not find anything that suggests running whoami and id.

I am 80% sure it is simply x-trolley, but could anybody confirm or at least bolster my suspicions?

Note: I didn't install x-trolley on the server; another person working on the website did (there are three people (loosely) involved).

Cheers! John.

It appears one of the guys put in some bad code, or at least did not obtain the package from a reliable source (you most likely will not find the executed commands in the source, because they are passed to the script via GET/POST). To make sure, download the version you have and check it against that file's code.
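
The comparison suggested above, as an added example that is not part of the original thread: it hashes a freshly downloaded copy of the package against the files pulled from the server, then flags changed or new files that call PHP shell functions. The directory names, file contents and function names are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# PHP functions that hand a string to the shell.
SHELL_CALL = re.compile(rb"\b(exec|system|passthru|shell_exec|popen|proc_open)\s*\(")


def sha256_tree(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_install(reference, installed):
    """Compare a pristine package tree with the copy pulled from the server."""
    ref, live = sha256_tree(reference), sha256_tree(installed)
    report = {
        "modified": sorted(f for f in ref.keys() & live.keys() if ref[f] != live[f]),
        "added": sorted(live.keys() - ref.keys()),
        "missing": sorted(ref.keys() - live.keys()),
    }
    # Triage: which changed or new files contain shell-executing calls?
    changed = report["modified"] + report["added"]
    report["shell_calls_in_changed"] = sorted(
        f for f in changed if SHELL_CALL.search((Path(installed) / f).read_bytes()))
    return report


def demo():
    """Constructed sample trees: one file altered, one file added on the server."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, live = Path(tmp, "reference"), Path(tmp, "installed")
        for d in (ref, live):
            d.mkdir()
            (d / "xcheck.php").write_text('<?php @exec("echo 1", $o, $e);\n')
            (d / "index.php").write_text("<?php echo 'store';\n")
        (live / "index.php").write_text('<?php @exec($t." 2>&1", $d, $c);\n')
        (live / "extra.php").write_text("<?php phpinfo();\n")
        return compare_install(ref, live)


if __name__ == "__main__":
    for key, files in demo().items():
        print(key, files)
```

An unchanged xcheck.php is not reported even though it calls exec, so the installer's own self-test does not drown out files that actually differ from the package.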

I received an e-mail from those who installed x-trolley stating that it was indeed simply part of the install procedure. I'd also guess that it is, so I am marking this as closed.

If you feel I am wrong, please let them know!

Thanks, John.