Skip to content
A Magento package containing a quick-and-dirty PHP shell.
Branch: master
Clone or download
Pull request Compare This branch is even with lavalamp-:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
Backdoor Code

A simple backdoor'ed Magento package.

Upload the lavalamp_magento_bd.tgz file to a Magento Connect instance and then navigate to /index.php/lavalamp/index. The shell is a simple command shell that will take $_POST['c'], pass it to shell_exec, and echo back the contents. Nothing fancy.

If you want to make your own .tgz file (beware, there are lots of consistency issues and checksum issues when modifying the package contents) then do the following to create a working .tgz package file:

cd Backdoor\ Code
tar -czvf bd.tgz app package.xml skin
mv bd.tgz ..



You can’t perform that action at this time.