The fear of code vulnerabilities and how to respond (コードの脆弱性の恐怖と対応)
@ryo_apejp

timthumb.php
  (chrome, google)
timthumb.php

WordPress
wp-config.php
  Cleaning Up the TimThumb Hack | WP Theming

“wordpress.org”
  ■ WordPress › Support » Google issuing warnings about WP site: “content from counter-wordpress.com”?
  ■ WordPress › Support » [TimThumb Vulnerability] iframe hack
”timthumb.php”
  ■ timthumb – image crop zoom resize management – Google Project Hosting
  ■ WPZOOM Support Forum – View topic – [Updated] IMPORTANT Security Fix

Make sure this constant is set to false:

define( 'ALLOW_EXTERNAL', false );

Before:

$allowedSites = array (
    'flickr.com',
    'picasa.com',
    'img.youtube.com',
    'upload.wikimedia.org',
);

After:

$allowedSites = array();

Theme and plugin authors should use the built-in WordPress functions such as add_image_size to resize images.

Vulnerability Found in timthumb.php | VaultPress Blog

• grep
• JPCERT: Adobe Reader / Acrobat
  https://www.jpcert.or.jp/at/2012/at120003.html
• JPCERT/CC

WordPress Timthumb
Timthumb Vulnerability Scanner for WordPress
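As an added example (not from the slide deck or from any project it cites), a POSIX shell audit that combines the grep step from the slides with the two settings from the VaultPress quote: it finds every timthumb.php under a WordPress tree and flags copies where ALLOW_EXTERNAL is not false or $allowedSites still lists hosts. The function names and the constructed sample files are assumptions.

```shell
#!/bin/sh
# Added audit script (not part of the slide deck): find timthumb.php copies under a
# WordPress tree and flag those that can still fetch remote images, following the
# VaultPress advice quoted in the slides: ALLOW_EXTERNAL false, $allowedSites empty.

# Print every timthumb.php below the given directory (themes and plugins alike).
find_timthumb() {
    find "$1" -type f -name 'timthumb.php' 2>/dev/null | sort
}

# Return 0 when a copy is configured safely, 1 when it still allows external fetches.
check_timthumb() {
    f="$1"
    # Old releases default ALLOW_EXTERNAL to true, so a missing define is unsafe too.
    grep -Eiq "ALLOW_EXTERNAL['\"][[:space:]]*,[[:space:]]*false" "$f" || return 1
    # A host-like token inside the $allowedSites array means remote hosts are still whitelisted.
    awk '
        /\$allowedSites[[:space:]]*=[[:space:]]*array/ { inarr = 1 }
        inarr && /[A-Za-z0-9-]+\.[A-Za-z]+/            { hosts++ }
        inarr && /\)/                                  { inarr = 0 }
        END { if (hosts > 0) exit 1; exit 0 }
    ' "$f"
}

# Report each copy, then print the number of unsafe copies as the last line.
audit_tree() {
    unsafe=0
    while read -r f; do
        [ -n "$f" ] || continue
        if check_timthumb "$f"; then
            echo "ok      $f"
        else
            echo "UNSAFE  $f"
            unsafe=$((unsafe + 1))
        fi
    done <<EOF
$(find_timthumb "$1")
EOF
    echo "$unsafe"
}

# Constructed sample tree (hypothetical paths): one vulnerable copy, one hardened copy.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/themes/old" "$d/wp-content/plugins/fixed"
    cat > "$d/wp-content/themes/old/timthumb.php" <<'EOF'
<?php
define ('ALLOW_EXTERNAL', TRUE);
$allowedSites = array (
    'flickr.com',
    'picasa.com',
);
EOF
    cat > "$d/wp-content/plugins/fixed/timthumb.php" <<'EOF'
<?php
define( 'ALLOW_EXTERNAL', false );
$allowedSites = array();
EOF
    echo "$d"
}
```

Run `audit_tree /path/to/wordpress` against a real install; `audit_tree "$(make_sample_tree)"` runs it against the constructed samples and ends with the line `1`.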
