
Vulnerable WordPress plugin leads to website hack


On August 2nd, 2011 Mark posted a detailed blog entry with the technical details and scripts behind a hack of a WordPress plugin called “TimThumb”. TimThumb is a simple, flexible PHP script that resizes images for your blog: a small script for cropping, zooming and resizing web images such as jpg, png and gif. As discovered by Mark, TimThumb has a file upload vulnerability. An attacker can upload an arbitrary file to the server and then execute it.

This plugin is used by many people on their WordPress blogs, and it is also bundled with many different WordPress themes and plugins. If you have a vulnerable version of this plugin, you should change the code to fix the issue as per the workaround provided by Mark. File upload vulnerabilities are not new, but they are constantly used to compromise or hack websites. There are already thousands of WordPress themes and plugins available over the Internet and new ones appear every day. You should not blindly install each and every plugin. Do some homework before using any theme or plugin.

Security is really important for your websites. You put a lot of effort into writing on your websites, and one vulnerability in any theme or plugin can do massive damage to your website and your business. The above case is a great example of this. Mark’s website got hacked due to this vulnerability and the attacker injected advertising code into his webpages. The attacker could have done far more damage to his website, since he or she had access to his server. You should immediately check your themes and plugins for any vulnerability.

One way to find out whether your theme or plugin has a known vulnerability is to use the Google search engine. Use the theme name or plugin name together with the word “vulnerability” in the search string. For example, to search for the TimThumb bug, search for “TimThumb vulnerability” on Google.
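Checking every theme and plugin is easiest with an inventory of where TimThumb is actually bundled. The following added example (not code from the post or from TimThumb) walks a wp-content directory, reports every TimThumb copy it finds together with the version that copy declares, and builds a small constructed sample tree to run against. It assumes the script is bundled under the file names timthumb.php or thumb.php and declares its release with a define('VERSION', ...) line; adjust both if your themes differ.

```python
import os
import re
import tempfile
from pathlib import Path

# File names under which TimThumb is commonly bundled (assumption; extend if your themes differ).
TIMTHUMB_NAMES = {"timthumb.php", "thumb.php"}
# TimThumb declares its release as define ('VERSION', '...'); spacing and quoting vary by release.
VERSION_RE = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([^'\"]+)['\"]\s*\)")
# Text that distinguishes a real TimThumb copy from an unrelated script that happens to share its name.
MARKER = "timthumb"


def inspect_file(path):
    """Return the version a TimThumb copy declares ('unknown' if absent), or None if not TimThumb."""
    try:
        text = path.read_text(errors="replace")
    except OSError:
        return None
    if MARKER not in text.lower():
        return None
    match = VERSION_RE.search(text)
    return match.group(1) if match else "unknown"


def find_timthumb(root):
    """Walk a wp-content tree and list (relative path, version) for every bundled TimThumb copy."""
    root = Path(root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in TIMTHUMB_NAMES:
                path = Path(dirpath) / name
                version = inspect_file(path)
                if version is not None:
                    hits.append((path.relative_to(root).as_posix(), version))
    return sorted(hits)


def build_sample_tree():
    """Create a constructed wp-content tree (sample data, not a real site) for a demo run."""
    root = Path(tempfile.mkdtemp(prefix="wp-content-"))
    theme = root / "themes" / "sometheme" / "scripts"
    theme.mkdir(parents=True)
    # Constructed copy; the version string is sample data, not a statement about any real release.
    (theme / "timthumb.php").write_text("<?php\n// TimThumb (constructed sample)\ndefine ('VERSION', '1.33');\n")
    plugin = root / "plugins" / "gallery"
    plugin.mkdir(parents=True)
    (plugin / "thumb.php").write_text("<?php echo 'unrelated thumbnail helper';\n")  # same name, not TimThumb
    return root


if __name__ == "__main__":
    for rel, version in find_timthumb(build_sample_tree()):
        print(f"{rel}: TimThumb version {version}")  # compare each against the fixed release
```

Point find_timthumb at a real wp-content directory to get the list for your own site; every copy reported, including ones inside themes you never installed by hand, needs the fix applied.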

Source: techfeedlab

Links:

Zero-day vulnerability found in WordPress image utility
