exploit WP : timthumb.php

At least the following plugins and themes are affected:

Plugins we’ve seen getting scanned by the attackers (total of 25):

a-gallery
dukapress
front-slider
geotag
highlighter
igit-posts-slider-widget
igit-related-posts-with-thumb-images-after-posts
islidex
jquery-slider-for-featured-content
kc-related-posts-by-category
lisl-last-image-slider
meenews
meenews-newsletter
mobile-smart
seo-image-galleries
shortcodes-ultimate
smart-related-posts-thumbnails
webphysiology-portfolio
wordpress-gallery-plugin
wp-mobile-detector
wp-slick-slider
shortcodes-ultimate
social-profiles-widget
woo-tumblog

Here are the themes we’ve seen scanned (total of 45):

aqua-blue
bueno
canvas
deep-blue
flashnews
freshnews
magazinum
Magnificent
mymag
sportpress
TheStyle
wp-creativix
backstage
bueno
busybee
canvas
cinch
cityguide
coffeebreak
dailyedition
delegate
delicate
digitalfarm
ElegantEstate
flashnews
freshnews
gazette
headlines
magazinum
Magnificent
mystream
nomadic
object
openair
optimize
overeasy
premiumnews
retreat
royalle
slanted
sophisticatedfolio
sportpress
thejournal
thestation
TheStyle

If you have any of these installed on your site, please verify them for the TimThumb script. If they contain the script ensure it is updated immediately.
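Checking the lists above by hand is error-prone, and some themes ship TimThumb under a different file name. The following POSIX shell script is an added example (not part of the post or of any of the projects listed); it walks a WordPress tree, reports every PHP file that is named timthumb.php/thumb.php or mentions TimThumb in its body, and prints the version string each copy declares, so you can compare it against the current release. It assumes the copy declares its version with a `define ('VERSION', '...')` line; the sample tree it builds when run without arguments is constructed, and its version numbers are made up.

```shell
#!/bin/sh
# Added example: inventory TimThumb copies in a WordPress install and show
# the version each one declares. Not the forum's or any project's own code.
# Assumptions: bundled copies are usually named timthumb.php or thumb.php
# (but themes sometimes rename the file, so the body is searched as well),
# and the script declares its version as  define ('VERSION', 'x.y');

# Print every PHP file under $1 that looks like a TimThumb copy, one per line.
find_timthumb_copies() {
    find "$1" -type f -name '*.php' 2>/dev/null | while IFS= read -r f; do
        case "$(basename "$f")" in
            timthumb.php|thumb.php) printf '%s\n' "$f"; continue ;;
        esac
        # Renamed copies: fall back to a case-insensitive search of the body.
        if grep -qi 'timthumb' "$f"; then printf '%s\n' "$f"; fi
    done
    return 0
}

# Print the version declared in $1, or "unknown" if no VERSION define exists.
timthumb_version() {
    v=$(sed -n "s/.*define *( *['\"]VERSION['\"] *, *['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1)
    printf '%s\n' "${v:-unknown}"
}

# Report "<version><TAB><path>" for each copy found under $1.
scan_wordpress() {
    find_timthumb_copies "$1" | while IFS= read -r f; do
        printf '%s\t%s\n' "$(timthumb_version "$f")" "$f"
    done
    return 0
}

# Build a constructed sample tree (made-up version strings) and print its path.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/themes/sample-theme/scripts" \
             "$d/wp-content/plugins/sample-plugin"
    printf "<?php\n/* TimThumb script */\ndefine ('VERSION', '1.0');\n" \
        > "$d/wp-content/themes/sample-theme/scripts/timthumb.php"
    printf "<?php\n// renamed copy of TimThumb\ndefine('VERSION', '9.9');\n" \
        > "$d/wp-content/plugins/sample-plugin/resize.php"
    printf "<?php\necho 'hello';\n" \
        > "$d/wp-content/plugins/sample-plugin/index.php"
    printf '%s\n' "$d"
}

# Usage: sh timthumb_scan.sh /path/to/wordpress
# With no argument, scan the constructed sample tree instead.
if [ $# -gt 0 ]; then
    scan_wordpress "$1"
else
    sample=$(make_sample_tree)
    scan_wordpress "$sample"
    rm -rf "$sample"
fi
```

Run it against the document root of each site; any reported version older than the current TimThumb release is a copy to update, and "unknown" entries deserve a manual look since the file mentions TimThumb but does not declare a version.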

2 replies

Here is a good report and a new "branch" of this add-on (WordThumb):

http://markmaunder.com/2011/08/01/zero-day-vulnerability-in-many-wordpress-themes/

Impressive, what this Alucar shell shows (picture at the link).

By the way, alucar can be freely obtained on the net.
