The Fear of Code Vulnerabilities and How to Respond

Before you end up with a denial of service or arbitrary code execution, take care with how you manage your source.

Published in Technology , Business
Transcript

  • 1. @ryo_apejp
  • 2. timthumb.php (Chrome / Google: timthumb.php)
  • 3. WordPress wp-config.php; Cleaning Up the TimThumb Hack | WP Theming
  • 4. "wordpress.org"
    ■ WordPress › Support » Google issuing warnings about WP site: "content from counter-wordpress.com"?
    ■ WordPress › Support » [TimThumb Vulnerability] iframe hack "timthumb.php"
    ■ timthumb – image crop zoom resize management – Google Project Hosting
    ■ WPZOOM Support Forum – View topic – [Updated] IMPORTANT Security Fix
  • 5. Make sure this constant is set to false:
    define( 'ALLOW_EXTERNAL', false );
    Before:
    $allowedSites = array(
        'flickr.com',
        'picasa.com',
        'img.youtube.com',
        'upload.wikimedia.org',
    );
    After:
    $allowedSites = array();
    Theme and plugin authors should use the built-in WordPress functions such as add_image_size to resize images.
    Vulnerability Found in timthumb.php | VaultPress Blog
  • 6. grep; JPCERT: Adobe Reader / Acrobat https://www.jpcert.or.jp/at/2012/at120003.html; JPCERT/CC
  • 7. WordPress Timthumb: Timthumb Vulnerability Scanner for WordPress