The Fear of Code Vulnerabilities and How to Respond

Take care with source management before you end up in a denial-of-service state or with arbitrary code being executed.

Published in: Technology, Business

    1. @ryo_apejp
    2. timthumb.php; chrome; google; timthumb.php
    3. WordPress; wp-config.php; Cleaning Up the TimThumb Hack | WP Theming
    4. "wordpress.org"
       • WordPress › Support » Google issuing warnings about WP site: "content from counter-wordpress.com"?
       • WordPress › Support » [TimThumb Vulnerability] iframe hack "timthumb.php"
       • timthumb – image crop zoom resize management – Google Project Hosting
       • WPZOOM Support Forum – View topic – [Updated] IMPORTANT Security Fix
    5. Make sure this constant is set to false:
           define( 'ALLOW_EXTERNAL', false );
       Before:
           $allowedSites = array (
               'flickr.com',
               'picasa.com',
               'img.youtube.com',
               'upload.wikimedia.org',
           );
       After:
           $allowedSites = array();
       Theme and plugin authors should use the built-in WordPress functions such as add_image_size to resize images.
       Source: Vulnerability Found in timthumb.php | VaultPress Blog
    6. grep; JPCERT: Adobe Reader / Acrobat, https://www.jpcert.or.jp/at/2012/at120003.html; JPCERT/CC
    7. WordPress Timthumb; Timthumb Vulnerability Scanner for WordPress
