Joomla Plugin Exploit + PHP Malware
Garden Store has a vulnerable version (1.1.7) of virtuemart (Joomla plugin) and through a blind sql injection we can retrieve administrator credentials. We edit the main template and place into the footer tag a simple piece of code properly obfuscated to get user's credit cards data. Reference: - virtuemart exploit found by TecR0c & mr_me - joomla hash cracker - php obfuscator - dopost source code - getcc source code