SlideShare a Scribd company logo

コードの脆弱性の恐怖と対応

Download as KEY, PDF
Ryo Imai
Ryo Imai

サービス不能状態や任意のコードが実行されてしまう様なコトになる前に、ソース管理に気をつけよう

TechnologyBusiness
1 of 8
@ryo_apejp
timthumb.php chrome google timthumb.php
WordPress wp-config.php Cleaning Up the TimThumb Hack | WP Theming
“wordpress.org” ■ WordPress › Support » Google issuing warnings about WP site: “content ■ from counter-wordpress.com”? ■ WordPress › Support » [TimThumb Vulnerability] iframe hack ”timthumb.php” ■ timthumb – image crop zoom resize management – Google Project Hosting ■ WPZOOM Support Forum – View topic – [Updated] IMPORTANT Security Fix
Make sure this constant is set to false: define( 'ALLOW_EXTERNAL', false ); Before: $allowedSites = array ( ! 'flickr.com', ! 'picasa.com', ! 'img.youtube.com', ! 'upload.wikimedia.org', ); After: $allowedSites = array(); Theme and plugin authors should use the built-in WordPress functions such asadd_image_size to resize images. Vulnerability Found in timthumb.php | VaultPress Blog 
◦ ◦ • • grep • ◦ JPCERT Adobe Reader Acrobat https://www.jpcert.or.jp/at/2012/at120003.html ◦ JPCERT/CC • •
WordPress Timthumb Timthumb Vulnerability Scanner for WordPress
コードの脆弱性の恐怖と対応

Recommended

20 Tips to Improving WordPress Website - for Beginners-Aus-2017
20 Tips to Improving WordPress Website - for Beginners-Aus-201720 Tips to Improving WordPress Website - for Beginners-Aus-2017
20 Tips to Improving WordPress Website - for Beginners-Aus-2017TRB Design, Inc.
 
All About WordPress
All About WordPressAll About WordPress
All About WordPressAJ Morris
 
More Multisite for the Masses
More Multisite for the MassesMore Multisite for the Masses
More Multisite for the MassesRichard Archambault
 
Speed Up Your Site
Speed Up Your SiteSpeed Up Your Site
Speed Up Your SiteSysComm international
 
Save Time By Manging WordPress from the Command Line
Save Time By Manging WordPress from the Command LineSave Time By Manging WordPress from the Command Line
Save Time By Manging WordPress from the Command LineShawn Hooper
 
Introduction to WordPress
Introduction to WordPressIntroduction to WordPress
Introduction to WordPressCraig Bailey
 
NJ Videographers Association - Build an amazing website - WordPress
NJ Videographers Association - Build an amazing website - WordPressNJ Videographers Association - Build an amazing website - WordPress
NJ Videographers Association - Build an amazing website - WordPressGabriela Levit
 
A word press site even your mother can use
A word press site even your mother can useA word press site even your mother can use
A word press site even your mother can useJerrett Farmer
 

Recommended

20 Tips to Improving WordPress Website - for Beginners-Aus-2017
20 Tips to Improving WordPress Website - for Beginners-Aus-201720 Tips to Improving WordPress Website - for Beginners-Aus-2017
20 Tips to Improving WordPress Website - for Beginners-Aus-2017TRB Design, Inc.
 
All About WordPress
All About WordPressAll About WordPress
All About WordPressAJ Morris
 
More Multisite for the Masses
More Multisite for the MassesMore Multisite for the Masses
More Multisite for the MassesRichard Archambault
 
Speed Up Your Site
Speed Up Your SiteSpeed Up Your Site
Speed Up Your SiteSysComm international
 
Save Time By Manging WordPress from the Command Line
Save Time By Manging WordPress from the Command LineSave Time By Manging WordPress from the Command Line
Save Time By Manging WordPress from the Command LineShawn Hooper
 
Introduction to WordPress
Introduction to WordPressIntroduction to WordPress
Introduction to WordPressCraig Bailey
 
NJ Videographers Association - Build an amazing website - WordPress
NJ Videographers Association - Build an amazing website - WordPressNJ Videographers Association - Build an amazing website - WordPress
NJ Videographers Association - Build an amazing website - WordPressGabriela Levit
 
A word press site even your mother can use
A word press site even your mother can useA word press site even your mother can use
A word press site even your mother can useJerrett Farmer
 
Assignment 2 word press digi skill
Assignment 2 word press digi skillAssignment 2 word press digi skill
Assignment 2 word press digi skillNaumanMalik30
 
Introduction to WordPress - Adam W. Warner
Introduction to WordPress - Adam W. WarnerIntroduction to WordPress - Adam W. Warner
Introduction to WordPress - Adam W. WarnerAdam W. Warner
 
WP-CLI Presentation from WordCamp NYC 2015
WP-CLI Presentation from WordCamp NYC 2015WP-CLI Presentation from WordCamp NYC 2015
WP-CLI Presentation from WordCamp NYC 2015Shawn Hooper
 
20 tips, tricks and secrets to making your WordPress website look professional
20 tips, tricks and secrets to making your WordPress website look professional20 tips, tricks and secrets to making your WordPress website look professional
20 tips, tricks and secrets to making your WordPress website look professionalMichelle Castillo
 
WordPress.com の裏側 (Behind the Scenes of WordPress.com) - WordCamp Tokyo - Nov...
WordPress.com の裏側 (Behind the Scenes of WordPress.com) - WordCamp Tokyo - Nov...WordPress.com の裏側 (Behind the Scenes of WordPress.com) - WordCamp Tokyo - Nov...
WordPress.com の裏側 (Behind the Scenes of WordPress.com) - WordCamp Tokyo - Nov...John Ford
 
Getting started with WordPress
Getting started with WordPressGetting started with WordPress
Getting started with WordPressKristen Symonds
 
Introduction to WordPress
Introduction to WordPressIntroduction to WordPress
Introduction to WordPressEunus Hosen
 
Website Creation Blueprint
Website Creation BlueprintWebsite Creation Blueprint
Website Creation BlueprintInternet Marketing Muscle
 
WordPress for Business Sites - ConvergeSouth - October 2011
WordPress for Business Sites - ConvergeSouth - October 2011WordPress for Business Sites - ConvergeSouth - October 2011
WordPress for Business Sites - ConvergeSouth - October 2011John Ford
 
Roundup of popular & emerging blogging platforms
Roundup of popular & emerging blogging platformsRoundup of popular & emerging blogging platforms
Roundup of popular & emerging blogging platformsJoseph Jude
 
20 tips to Improving Your WordPress Site...for Beginners
20 tips to Improving Your WordPress Site...for Beginners20 tips to Improving Your WordPress Site...for Beginners
20 tips to Improving Your WordPress Site...for BeginnersTRB Design, Inc.
 
Wordpress as a CMS
Wordpress as a CMSWordpress as a CMS
Wordpress as a CMSBrad Touesnard
 
Vinay Paudel: Optimizing and Speeding up a WordPress site
Vinay Paudel: Optimizing and Speeding up a WordPress siteVinay Paudel: Optimizing and Speeding up a WordPress site
Vinay Paudel: Optimizing and Speeding up a WordPress sitewpnepal
 
Setup and run wordpress: 201
Setup and run wordpress: 201Setup and run wordpress: 201
Setup and run wordpress: 201wordpresswebmaster
 
Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013Think Media Inc.
 
Broadstreet quickstart-mar11-1
Broadstreet quickstart-mar11-1Broadstreet quickstart-mar11-1
Broadstreet quickstart-mar11-1Mary Barr Mann
 
Real World Seaside Applications
Real World Seaside ApplicationsReal World Seaside Applications
Real World Seaside ApplicationsESUG
 
Seven deadly theming sins
Seven deadly theming sinsSeven deadly theming sins
Seven deadly theming sinsGeorge Stephanis
 
Battling the WSOD - A Tech Support Tale
Battling the WSOD - A Tech Support TaleBattling the WSOD - A Tech Support Tale
Battling the WSOD - A Tech Support TaleKayleigh Thorpe
 
WordPress by a Dummy
WordPress by a DummyWordPress by a Dummy
WordPress by a DummyJerrett Farmer
 
Optimizing wp
Optimizing wpOptimizing wp
Optimizing wpMark Kelnar
 
Wordpress optimization
Wordpress optimizationWordpress optimization
Wordpress optimizationpaudelvinay
 

More Related Content

What's hot

Assignment 2 word press digi skill
Assignment 2 word press digi skillAssignment 2 word press digi skill
Assignment 2 word press digi skillNaumanMalik30
 
Introduction to WordPress - Adam W. Warner
Introduction to WordPress - Adam W. WarnerIntroduction to WordPress - Adam W. Warner
Introduction to WordPress - Adam W. WarnerAdam W. Warner
 
WP-CLI Presentation from WordCamp NYC 2015
WP-CLI Presentation from WordCamp NYC 2015WP-CLI Presentation from WordCamp NYC 2015
WP-CLI Presentation from WordCamp NYC 2015Shawn Hooper
 
20 tips, tricks and secrets to making your WordPress website look professional
20 tips, tricks and secrets to making your WordPress website look professional20 tips, tricks and secrets to making your WordPress website look professional
20 tips, tricks and secrets to making your WordPress website look professionalMichelle Castillo
 
WordPress.com の裏側 (Behind the Scenes of WordPress.com) - WordCamp Tokyo - Nov...
WordPress.com の裏側 (Behind the Scenes of WordPress.com) - WordCamp Tokyo - Nov...WordPress.com の裏側 (Behind the Scenes of WordPress.com) - WordCamp Tokyo - Nov...
WordPress.com の裏側 (Behind the Scenes of WordPress.com) - WordCamp Tokyo - Nov...John Ford
 
Getting started with WordPress
Getting started with WordPressGetting started with WordPress
Getting started with WordPressKristen Symonds
 
Introduction to WordPress
Introduction to WordPressIntroduction to WordPress
Introduction to WordPressEunus Hosen
 
WordPress for Business Sites - ConvergeSouth - October 2011
WordPress for Business Sites - ConvergeSouth - October 2011WordPress for Business Sites - ConvergeSouth - October 2011
WordPress for Business Sites - ConvergeSouth - October 2011John Ford
 
Roundup of popular & emerging blogging platforms
Roundup of popular & emerging blogging platformsRoundup of popular & emerging blogging platforms
Roundup of popular & emerging blogging platformsJoseph Jude
 

What's hot (10)

Assignment 2 word press digi skill
Assignment 2 word press digi skillAssignment 2 word press digi skill
Assignment 2 word press digi skill
 
Introduction to WordPress - Adam W. Warner
Introduction to WordPress - Adam W. WarnerIntroduction to WordPress - Adam W. Warner
Introduction to WordPress - Adam W. Warner
 
WP-CLI Presentation from WordCamp NYC 2015
WP-CLI Presentation from WordCamp NYC 2015WP-CLI Presentation from WordCamp NYC 2015
WP-CLI Presentation from WordCamp NYC 2015
 
20 tips, tricks and secrets to making your WordPress website look professional
20 tips, tricks and secrets to making your WordPress website look professional20 tips, tricks and secrets to making your WordPress website look professional
20 tips, tricks and secrets to making your WordPress website look professional
 
WordPress.com の裏側 (Behind the Scenes of WordPress.com) - WordCamp Tokyo - Nov...
WordPress.com の裏側 (Behind the Scenes of WordPress.com) - WordCamp Tokyo - Nov...WordPress.com の裏側 (Behind the Scenes of WordPress.com) - WordCamp Tokyo - Nov...
WordPress.com の裏側 (Behind the Scenes of WordPress.com) - WordCamp Tokyo - Nov...
 
Getting started with WordPress
Getting started with WordPressGetting started with WordPress
Getting started with WordPress
 
Introduction to WordPress
Introduction to WordPressIntroduction to WordPress
Introduction to WordPress
 
Website Creation Blueprint
Website Creation BlueprintWebsite Creation Blueprint
Website Creation Blueprint
 
WordPress for Business Sites - ConvergeSouth - October 2011
WordPress for Business Sites - ConvergeSouth - October 2011WordPress for Business Sites - ConvergeSouth - October 2011
WordPress for Business Sites - ConvergeSouth - October 2011
 
Roundup of popular & emerging blogging platforms
Roundup of popular & emerging blogging platformsRoundup of popular & emerging blogging platforms
Roundup of popular & emerging blogging platforms
 

Similar to コードの脆弱性の恐怖と対応

20 tips to Improving Your WordPress Site...for Beginners
20 tips to Improving Your WordPress Site...for Beginners20 tips to Improving Your WordPress Site...for Beginners
20 tips to Improving Your WordPress Site...for BeginnersTRB Design, Inc.
 
Vinay Paudel: Optimizing and Speeding up a WordPress site
Vinay Paudel: Optimizing and Speeding up a WordPress siteVinay Paudel: Optimizing and Speeding up a WordPress site
Vinay Paudel: Optimizing and Speeding up a WordPress sitewpnepal
 
Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013Think Media Inc.
 
Broadstreet quickstart-mar11-1
Broadstreet quickstart-mar11-1Broadstreet quickstart-mar11-1
Broadstreet quickstart-mar11-1Mary Barr Mann
 
Real World Seaside Applications
Real World Seaside ApplicationsReal World Seaside Applications
Real World Seaside ApplicationsESUG
 
Battling the WSOD - A Tech Support Tale
Battling the WSOD - A Tech Support TaleBattling the WSOD - A Tech Support Tale
Battling the WSOD - A Tech Support TaleKayleigh Thorpe
 
Wordpress optimization
Wordpress optimizationWordpress optimization
Wordpress optimizationpaudelvinay
 
WordPress Security
WordPress SecurityWordPress Security
WordPress SecurityIvan Storck
 
WordPress Insider Meetup Group - Jan, 7, 2016 meeting
WordPress Insider Meetup Group - Jan, 7, 2016 meetingWordPress Insider Meetup Group - Jan, 7, 2016 meeting
WordPress Insider Meetup Group - Jan, 7, 2016 meetingMichelle Castillo
 
Dynamic Ad Refresh and Synching
Dynamic Ad Refresh and SynchingDynamic Ad Refresh and Synching
Dynamic Ad Refresh and Synchingwgamboa
 
Optimizing WordPress (WordCamp Philly 2011)
Optimizing WordPress (WordCamp Philly 2011)Optimizing WordPress (WordCamp Philly 2011)
Optimizing WordPress (WordCamp Philly 2011)Ben Metcalfe
 
Introduction to Django CMS
Introduction to Django CMS Introduction to Django CMS
Introduction to Django CMS Pim Van Heuven
 
Vagrant WordCamp Hamilton
Vagrant WordCamp HamiltonVagrant WordCamp Hamilton
Vagrant WordCamp HamiltonPaul Bearne
 
PoC Rendering Spreadshirt Product Images Using Cloudinary
PoC Rendering Spreadshirt Product Images Using CloudinaryPoC Rendering Spreadshirt Product Images Using Cloudinary
PoC Rendering Spreadshirt Product Images Using CloudinaryMartin Breest
 
Optimizing WordPress - WordPress SF Meetup April 2012
Optimizing WordPress - WordPress SF Meetup April 2012Optimizing WordPress - WordPress SF Meetup April 2012
Optimizing WordPress - WordPress SF Meetup April 2012Ben Metcalfe
 

Similar to コードの脆弱性の恐怖と対応 (20)

20 tips to Improving Your WordPress Site...for Beginners
20 tips to Improving Your WordPress Site...for Beginners20 tips to Improving Your WordPress Site...for Beginners
20 tips to Improving Your WordPress Site...for Beginners
 
Wordpress as a CMS
Wordpress as a CMSWordpress as a CMS
Wordpress as a CMS
 
Vinay Paudel: Optimizing and Speeding up a WordPress site
Vinay Paudel: Optimizing and Speeding up a WordPress siteVinay Paudel: Optimizing and Speeding up a WordPress site
Vinay Paudel: Optimizing and Speeding up a WordPress site
 
Setup and run wordpress: 201
Setup and run wordpress: 201Setup and run wordpress: 201
Setup and run wordpress: 201
 
Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013Presentation to SAIT Students - Dec 2013
Presentation to SAIT Students - Dec 2013
 
Broadstreet quickstart-mar11-1
Broadstreet quickstart-mar11-1Broadstreet quickstart-mar11-1
Broadstreet quickstart-mar11-1
 
Real World Seaside Applications
Real World Seaside ApplicationsReal World Seaside Applications
Real World Seaside Applications
 
Seven deadly theming sins
Seven deadly theming sinsSeven deadly theming sins
Seven deadly theming sins
 
Battling the WSOD - A Tech Support Tale
Battling the WSOD - A Tech Support TaleBattling the WSOD - A Tech Support Tale
Battling the WSOD - A Tech Support Tale
 
WordPress by a Dummy
WordPress by a DummyWordPress by a Dummy
WordPress by a Dummy
 
Optimizing wp
Optimizing wpOptimizing wp
Optimizing wp
 
Wordpress optimization
Wordpress optimizationWordpress optimization
Wordpress optimization
 
WordPress Security
WordPress SecurityWordPress Security
WordPress Security
 
WordPress Insider Meetup Group - Jan, 7, 2016 meeting
WordPress Insider Meetup Group - Jan, 7, 2016 meetingWordPress Insider Meetup Group - Jan, 7, 2016 meeting
WordPress Insider Meetup Group - Jan, 7, 2016 meeting
 
Dynamic Ad Refresh and Synching
Dynamic Ad Refresh and SynchingDynamic Ad Refresh and Synching
Dynamic Ad Refresh and Synching
 
Optimizing WordPress (WordCamp Philly 2011)
Optimizing WordPress (WordCamp Philly 2011)Optimizing WordPress (WordCamp Philly 2011)
Optimizing WordPress (WordCamp Philly 2011)
 
Introduction to Django CMS
Introduction to Django CMS Introduction to Django CMS
Introduction to Django CMS
 
Vagrant WordCamp Hamilton
Vagrant WordCamp HamiltonVagrant WordCamp Hamilton
Vagrant WordCamp Hamilton
 
PoC Rendering Spreadshirt Product Images Using Cloudinary
PoC Rendering Spreadshirt Product Images Using CloudinaryPoC Rendering Spreadshirt Product Images Using Cloudinary
PoC Rendering Spreadshirt Product Images Using Cloudinary
 
Optimizing WordPress - WordPress SF Meetup April 2012
Optimizing WordPress - WordPress SF Meetup April 2012Optimizing WordPress - WordPress SF Meetup April 2012
Optimizing WordPress - WordPress SF Meetup April 2012
 

Recently uploaded

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 

Recently uploaded (20)

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 

コードの脆弱性の恐怖と対応

  • 2. timthumb.php chrome google timthumb.php
  • 3. WordPress wp-config.php Cleaning Up the TimThumb Hack | WP Theming
  • 4. “wordpress.org” ■ WordPress › Support » Google issuing warnings about WP site: “content ■ from counter-wordpress.com”? ■ WordPress › Support » [TimThumb Vulnerability] iframe hack ”timthumb.php” ■ timthumb – image crop zoom resize management – Google Project Hosting ■ WPZOOM Support Forum – View topic – [Updated] IMPORTANT Security Fix
  • 5. Make sure this constant is set to false: define( 'ALLOW_EXTERNAL', false ); Before: $allowedSites = array ( ! 'flickr.com', ! 'picasa.com', ! 'img.youtube.com', ! 'upload.wikimedia.org', ); After: $allowedSites = array(); Theme and plugin authors should use the built-in WordPress functions such asadd_image_size to resize images. Vulnerability Found in timthumb.php | VaultPress Blog 
  • 6. ◦ • • grep • ◦ JPCERT Adobe Reader Acrobat https://www.jpcert.or.jp/at/2012/at120003.html ◦ JPCERT/CC • •

Editor's Notes

  1. \n
  2. \n
  3. \n
  4. \n
  5. \n
  6. \n
  7. \n
  8. \n