How I can find the injected file or database which hacked by any one in vtiger crm 6.4?

Question

I am using vtiger crm 6.4. for my product, I have taken source code from a developer who has customized my product in vtiger crm 6.4. So everytime from vtiger_users table, the admin password will change. I want to know what is the way to finding the script or what is the place the things will happening.

Since it's open source, a good start would be to run a diff with the original files to find the changes and then review them manually. — FalcoGer, Apr 12 '19 at 11:22

score 0 · Answer 1 · answered Jul 04 '19 at 22:48

0

Use a php shell detector like PHP-Shell-Detector or install cxs scanner or antivirus on your server

answered Jul 04 '19 at 22:48

Hamid

378
3
8

also you must change access_key for all users in vtiger_users table – Hamid Jul 04 '19 at 22:49

score -1 · Answer 2 · answered Jun 11 '19 at 06:05

Most of developer using change password script to change the admin user's password and they keeps it in root folder. Try to search vtiger_users table in whole code of crm so that you will find the script where developer written query on vtiger_users table. Then find the specific script and delete it.

How I can find the injected file or database which hacked by any one in vtiger crm 6.4?

2 Answers2