Posts Tagged ‘Piwik’

Vulnerability

Backdoor in the Piwik web-statistics software

According to the developers, the malicious code was available for download for 8 hours.

Unknown attackers managed to introduce a backdoor into the source code of the latest version of Piwik, the popular open-source web-analytics package, after first compromising the project's official website (http://piwik.org/). The developers of the program reported the incident.

Piwik is used to track and generate statistics about visitors to online resources, traffic, and so on. Its functionality is much like that of Google Analytics, but website owners have to install it on their own servers.

Thus, users who downloaded and installed the version 1.9.2 update on the evening of Monday, November 26, between 18:43 UTC and 02:59 UTC, infected their systems with the backdoor.

The malicious code was embedded in the file piwik/core/Loader.php and masked with base64 encoding to obscure its traces.

“Users who have been affected by the attackers need to make a backup copy of the file piwik/config/config.ini.php, delete the entire Piwik directory, download a new copy of the software from the official site and reinstall it,” the recommendation reads.
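A heuristic check for the kind of base64-masked code described above, of the sort an administrator could run over the contents of piwik/core/Loader.php before reinstalling. This is an added example, not Piwik's code or the developers' tooling; the function name, patterns and sample strings are constructed assumptions and are not signatures of the actual backdoor.

```python
import base64
import binascii
import re

# Generic obfuscation heuristics (assumed); not signatures of the real Piwik backdoor.
DECODERS = re.compile(r"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
EXECUTORS = re.compile(r"\b(eval|assert|create_function)\s*\(", re.I)
B64_LITERAL = re.compile(r"""(['"])([A-Za-z0-9+/]{40,}={0,2})\1""")


def scan_php(source):
    """Return one finding per suspicious line: (line number, reasons, decoded literals)."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        reasons, decoded = [], []
        if DECODERS.search(line):
            reasons.append("decoder call")
        if EXECUTORS.search(line):
            reasons.append("dynamic execution")
        for match in B64_LITERAL.finditer(line):
            try:
                raw = base64.b64decode(match.group(2), validate=True)
            except (binascii.Error, ValueError):
                continue  # resembles base64 but does not decode; ignore it
            reasons.append("long base64 literal")
            # Show what the literal hides without executing anything.
            decoded.append(raw.decode("utf-8", errors="replace"))
        if reasons:
            findings.append((lineno, reasons, decoded))
    return findings


# Constructed sample: a harmless comment, encoded the way an injected line might be.
HIDDEN = b"/* constructed sample payload, does nothing */"
TAMPERED = (
    "<?php\n"
    "class Example_Loader {}\n"
    'eval(base64_decode("%s"));\n' % base64.b64encode(HIDDEN).decode()
)
CLEAN = "<?php\nclass Example_Loader {\n    function load($f) { require_once $f; }\n}\n"

if __name__ == "__main__":
    for lineno, reasons, decoded in scan_php(TAMPERED):
        print(f"line {lineno}: {', '.join(reasons)} -> {decoded}")
```

A hit only marks a line for manual review, and a clean result does not prove the file is untouched; the fix for an affected install remains the reinstall quoted above.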

Vulnerability

System compromise in Piwik

Vulnerability: System compromise in Piwik

Severity Rating: Critical
Patch: Yes
Number of vulnerabilities: 1

Attack vector: Remote
Impact: System Compromise

Exploitation: The vulnerability is being actively exploited
Affected products: Piwik 1.x

Affected versions: Piwik 1.9.2, downloaded on November 26, 2012 between 15:43 UTC and 23:59 UTC.

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.