8 popular wp plugins hacked and exploited

Colmike7
Posts: 1058
Joined: May 23rd, 2018, 12:21 pm

Re: 8 popular wp plugins hacked and exploited

Post by Colmike7 » September 14th, 2020, 5:32 pm

LustCore wrote:
September 14th, 2020, 4:59 pm
Looks like there is an ongoing hacking campaign. Several attempts of File Upload in file: upload=x.php and admin.php were blocked on the 7th, 12th and 13th of September on almost all of my sites (both porn and non-porn).
File uploads are pretty common for uploading and running shells. Like, if a site has an upload feature but doesn't validate the file types correctly, I could have full access to everything very easily using one php file, assuming that I know the path to where the uploads are going.. : x



Colmike7
Posts: 1058
Joined: May 23rd, 2018, 12:21 pm

Post by Colmike7 » September 14th, 2020, 5:41 pm

You can also bypass the MIME check with special proxy/Burp tools to spoof the Content-Type header if they do have the right validation. Coding things yourself, especially things that don't need to be updated ever, is the best way to go if you want to do the extra learning and work.
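
The two posts above come down to one server-side rule: decide the file type from the uploaded bytes and never from the request's Content-Type header or the client's file name. The sketch below is an added example, not code from the thread or from any plugin; `safe_upload_name()`, the allowlist and the sample files are hypothetical and constructed for illustration.

```php
<?php
// Added example: upload check that ignores the client-supplied Content-Type.
declare(strict_types=1);

// Allowlist (assumption): sniffed MIME type => extension the server assigns.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Hypothetical helper: returns a server-generated name, or null to reject.
// $clientName and $clientType are request data and fully attacker-controlled.
function safe_upload_name(string $tmpPath, string $clientName, string $clientType): ?string
{
    // 1. Sniff the bytes on disk; $clientType is deliberately never consulted.
    $sniffed = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!is_string($sniffed) || !array_key_exists($sniffed, ALLOWED_TYPES)) {
        return null;
    }
    // 2. The client's extension must agree with the sniffed type.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if ($ext === 'jpeg') { $ext = 'jpg'; }
    if ($ext !== ALLOWED_TYPES[$sniffed]) {
        return null;
    }
    // 3. Content sniffing alone is not enough, so the stored name is random
    //    and its extension is chosen by the server, never by the client.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$sniffed];
}

// Constructed samples: every request claims Content-Type image/gif.
$samples = [
    ['x.php',   '<?php echo "test";'],
    ['x.gif',   '<?php echo "test";'],
    ['pic.gif', base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7')],
];
foreach ($samples as [$name, $bytes]) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    $stored = safe_upload_name($tmp, $name, 'image/gif');
    echo $name, ' => ', $stored ?? 'rejected', PHP_EOL;
    unlink($tmp);
}
```

In a real handler the path comes from `$_FILES[...]['tmp_name']` and the file is moved with `move_uploaded_file()` into a directory where the web server does not execute PHP.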



LustCore
Posts: 61
Joined: November 20th, 2019, 5:11 pm

Post by LustCore » September 14th, 2020, 5:43 pm

Typical automated attack, when the attackers are looking for outdated, vulnerable websites. It can happen that you will not notice anything, just that you have silently become a backlink site for others.



Colmike7
Posts: 1058
Joined: May 23rd, 2018, 12:21 pm

Post by Colmike7 » September 14th, 2020, 5:46 pm

LustCore wrote:
September 14th, 2020, 5:43 pm
Typical automated attack, when the attackers are looking for outdated, vulnerable websites. It can happen that you will not notice anything, just that you have silently become a backlink site for others.
Oh yeah, that's been going on since forever. They'll just look up info on some old vulnerabilities and find the ones that didn't update/fix it. :p



AlexO
Posts: 1502
Joined: February 10th, 2018, 5:37 pm

Post by AlexO » September 17th, 2020, 8:18 am

Colmike7 wrote:
September 14th, 2020, 5:46 pm
LustCore wrote:
September 14th, 2020, 5:43 pm
Typical automated attack, when the attackers are looking for outdated, vulnerable websites. It can happen that you will not notice anything, just that you have silently become a backlink site for others.
Oh yeah, that's been going on since forever. They'll just look up info on some old vulnerabilities and find the ones that didn't update/fix it. :p
Best to keep plugins updated to the latest version, reduce your exposure to hackers.

My 2 cents on updates.



bbwlover
Posts: 543
Joined: March 5th, 2018, 6:23 pm

Post by bbwlover » September 20th, 2020, 7:38 pm

DeSexGuide wrote:
March 3rd, 2020, 12:49 pm
Less is best when it comes to adding plugins, add what you really need and use.

Good way to put it.



yobilinks
Posts: 294
Joined: May 23rd, 2018, 3:08 pm

Post by yobilinks » October 5th, 2020, 10:41 am

what else is vulnerable and we should know of?



LustCore
Posts: 61
Joined: November 20th, 2019, 5:11 pm

Post by LustCore » October 5th, 2020, 6:27 pm

yobilinks wrote:
October 5th, 2020, 10:41 am
what else is vulnerable and we should know of?
Short answer is everything. Difference is the level of vulnerability. You know, even a condom can fail... :roll:



wetnwild
Posts: 359
Joined: March 15th, 2018, 9:33 am

Post by wetnwild » October 8th, 2020, 10:08 am

LustCore wrote:
October 5th, 2020, 6:27 pm
yobilinks wrote:
October 5th, 2020, 10:41 am
what else is vulnerable and we should know of?
Short answer is everything. Difference is the level of vulnerability. You know, even a condom can fail... :roll:
Very well put hon



rx_tom
Posts: 315
Joined: January 11th, 2019, 11:27 am

Post by rx_tom » October 11th, 2020, 12:18 pm

LustCore wrote:
October 5th, 2020, 6:27 pm
yobilinks wrote:
October 5th, 2020, 10:41 am
what else is vulnerable and we should know of?
Short answer is everything. Difference is the level of vulnerability. You know, even a condom can fail... :roll:
Keep plugins at a minimum is what I say and do, unless necessary screw adding more.


