コードの脆弱性の恐怖と対応

@ryo_apejp

timthumb.php chrome googletimthumb.php

WordPresswp-conﬁg.php Cleaning Up the TimThumb Hack | WP Theming

“wordpress.org”■ WordPress › Support » Google issuing warnings about WP site: “content■ from counter-wordpress.com”?■ WordPress › Support » [TimThumb Vulnerability] iframe hack ”timthumb.php”■ timthumb – image crop zoom resize management – Google Project Hosting■ WPZOOM Support Forum – View topic – [Updated] IMPORTANT Security Fix

Make sure this constant is set to false:define( ALLOW_EXTERNAL, false );Before:$allowedSites = array (! flickr.com,! picasa.com,! img.youtube.com,! upload.wikimedia.org,);After:$allowedSites = array();Theme and plugin authors should use the built-in WordPress functions such asadd_image_size to resize images.Vulnerability Found in timthumb.php | VaultPress Blog

◦ ◦•• grep• ◦ JPCERT Adobe Reader Acrobat https://www.jpcert.or.jp/at/2012/at120003.html ◦ JPCERT/CC••

WordPress TimthumbTimthumb Vulnerability Scanner for WordPress

コードの脆弱性の恐怖と対応

by Ryo Imai on Jan 24, 2012

Accessibility

Categories

Tags

Upload Details

Usage Rights

1 Embed 2

Statistics

コードの脆弱性の恐怖と対応 — Presentation Transcript