It's discovered a serious vulnerability in a couple of very popular plugins, webo and part theme's that have these pre-installed. It is about Slider Revolution, a slider which is very widely used, and Showbiz Pro. Theme's like Avada, mostly sold thema on Code Canyon, but also several webo others, such UDesign, Jupiter and X Theme comes with Slider Revolution. Security hole was patched already webo in February, but it has failed to disclose the problem so many have not updated, and this security hole exploited now over a low shoes. Those who have purchased the affected products from Code Canyon, ThemeForrest or other such places will get an e-mail during the day. If you use Slider Revolution, it MUST be upgraded to a minimum version 4.2 immediately. If you are using Showbiz Pro MUST be upgraded to version 1.5.3 minimum More info about the problem exists here -> Slider Revolution Plugin Critical Vulnerability Being Exploited | Sucuri Blog It turns out that these plugins'ene opens for downloading any file, it only one needs to do is
Code: http://www.webforumet.no/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php so, one can therefore download any file through Revolution Slider, also kofigurasjonsfiler which contains usernames and passwords etc.
Click to expand ... Thought right on it. So I have removed everything that can display back to what I use
Click to expand ... Almost everything in the bottom of the page shows a picture with link to wp-content folder (reckon that it is a fault of yours only), click CTRL + U and look at the source code. What method do you use to hide that it's WP?
Pong like this.
Click to expand ... Far from it enough, it is easy and check if you use wordpress by looking at the source code (html structure), and must use plugins (possibly. Make changes yourself) to remove traces. As mentioned above, I use this, http://codecanyon.net/item/hide-my-wp-no-one-can-know-you-use-wordpress/4177158 (check out "equipment-list" to see what it actually does)
Far from it enough, it is easy and check if you use wordpress by looking at the source code (html structure), and must use plugins (possibly. Make changes yourself) to remove traces. As mentioned above, I use this, http://codecanyon.net/item/hide-my-wp-no-one-can-know-you-use-wordpress/4177158 (check out "equipment-list" to see what it actually does)
Having zero experience with these free plugins, so it's better that anyone else here who have experience with any of them links. Or does one Google search, have not had the need for one free option when Hide my WP is superior webo good, and works like it should!
# 13
Click to expand ... idiotic article, which does not make sense. The point is not to hide that you are using Wordpress because using wordpress. The point is to make a potential threat, less. There is no problem webo to block access to such. wp-admin, or, wp-login.php. Have around 30-40 wordpress pages running, and all of these have dramatically less attacks using hide wp example. Obviously, a fine try to shoot information webo through mail to admin, webo sysadmin, wp-admin, etc ... That's why you do not call such sites admin login or similar. You call it either member page, or other funky names. Of course you would put the vulnerable your car in the garage, to key system was fixed. You do not set your car to show, when it is already vulnerable, and anyone who wants, can run from the place without problem. People know you have a car but do not know the model and brand.
Posts: 216
Tweet
Forum Rules
Forum software by XenForo 2010-2014 XenForo Ltd. Webforumet.no operated by Lykke Media AS | Sponsored by mineoppskrifter.no
No comments:
Post a Comment