XDebug, PHP CLI, Windows, Sublime

Setting environment variable in PowerShell.


Found this in a broken website I worked on a couple of years ago. A very dangerous piece of code. It’s a first-stage malware dropper.

It appears that it was used to install the WSO remote webshell. A MySQL injection vulnerability in Joomla’s weblink module was exploited to compromise the system.

WordPress download and extract script