Friday, August 5, 2011

Wordpress timthumb.php Vulnerability

A major security vulnerability has been reported for WordPress web sites.


It comes from unauthorised themes and plugins downloaded from the internet. The timthumb.php vulnerability allows visitors of your web site to upload files. It is platform independent, because the theme and plugin authors included the script without any security measures.


Fix 1:

1. Remove the file named timthumb.php.

2. We can locate it using the command " find . -name 'timthumb.php' ".

OR

1. Change its permissions to 000: " chmod 000 timthumb.php ".

Fix 2: This is the best way:

By editing the file we can fix this issue:

a. vi timthumb.php

b. Go to line 27

c. Remove all the sites listed there, such as "blogger.com" and "flickr.com". Once you're done the line should look like this: $allowedSites = array();
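An added example, not part of the original post, that scripts the steps above: it finds every timthumb.php under a web root, reports whether its $allowedSites list is still non-empty, and rewrites that list to the empty array from step c. It assumes the whitelist is a PHP statement of the form "$allowedSites = array(...);", possibly spread over several lines, and that paths contain no spaces.

```shell
#!/bin/sh
# Added example (not from the original post): audit and harden copies of
# timthumb.php below a web root. Assumes the remote-site whitelist is the PHP
# statement "$allowedSites = array( ... );" (it may span several lines).

# Print "safe" if $allowedSites is an empty array, "open" if it still lists
# remote hosts, "missing" if the file has no such assignment at all.
timthumb_status() {
    decl=$(tr -d ' \t\r\n' < "$1" | grep -o '[$]allowedSites=array([^;]*);' | head -n 1)
    if [ -z "$decl" ]; then echo missing
    elif [ "$decl" = '$allowedSites=array();' ]; then echo safe
    else echo open
    fi
}

# Rewrite the whitelist in place to "$allowedSites = array();" (step c of
# Fix 2, done non-interactively instead of in vi). Keeps a .bak copy.
empty_allowed_sites() {
    cp "$1" "$1.bak"
    awk '
        skip && /;/ { skip = 0; next }          # closing line of a multi-line array()
        skip        { next }
        /[$]allowedSites[[:space:]]*=/ {
            print "$allowedSites = array();"
            if ($0 !~ /;/) skip = 1             # array continues on later lines
            next
        }
        { print }
    ' "$1.bak" > "$1"
}

# List every timthumb.php below $1 with its status; return 1 if any is open.
audit_timthumb() {
    rc=0
    for f in $(find "$1" -name 'timthumb.php'); do   # assumes paths without spaces
        s=$(timthumb_status "$f")
        echo "$s $f"
        if [ "$s" = open ]; then rc=1; fi
    done
    return $rc
}

# Constructed sample web root: one copy still open, one already fixed.
ROOT=$(mktemp -d)
mkdir -p "$ROOT/themes/a" "$ROOT/plugins/b"
printf '<?php\n$allowedSites = array(\n  "blogger.com",\n  "flickr.com",\n);\n' > "$ROOT/themes/a/timthumb.php"
printf '<?php\n$allowedSites = array();\n' > "$ROOT/plugins/b/timthumb.php"
audit_timthumb "$ROOT" || echo "at least one copy still accepts remote image URLs"
```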
