vSlider Multi Image Slider for WordPress
[resolved] Warning Vslider Zero Day Vulnerability [4.1.1 / timthumb 2.7] (4 posts)

  1. Mike Castro Demaria
    Member
    Posted 1 year ago #

    Hi,

    WARNING: upgrade the timthumb version of the plugin!

    One of my servers crashed due to the timthumb 2.7 security hole! Read
    http://www.ivankristianto.com/hacking/timthumb-zero-day-vulnerability/1936/

    I hope this helps,
    Mike

    http://wordpress.org/extend/plugins/vslider/

  2. Mike Castro Demaria
    Member
    Posted 1 year ago #

    For fun, a short display of what you will have on your server if you are attacked:

    ......
    -rw------- 1 www-data www-data 56094 2013-02-06 13:56 timthumb_tmpimg_KKdENu
    -rw------- 1 www-data www-data 34584 2013-02-06 13:47 timthumb_tmpimg_kKelKl
    -rw------- 1 www-data www-data 53351 2013-02-06 13:41 timthumb_tmpimg_KkFPkY
    -rw------- 1 www-data www-data 53075 2013-02-06 13:41 timthumb_tmpimg_kkGIuc
    -rw------- 1 www-data www-data 46273 2013-02-06 13:34 timthumb_tmpimg_KKi8dN
    -rw------- 1 www-data www-data 46438 2013-02-06 14:23 timthumb_tmpimg_KkIobp
    -rw------- 1 www-data www-data 50088 2013-02-06 13:46 timthumb_tmpimg_Kkm3A4
    -rw------- 1 www-data www-data 50088 2013-02-06 12:42 timthumb_tmpimg_Kkm7b4
    .........

    Server crash due to 100% HD empty. And /tmp is cleaned on reboot, but refills on each request ....
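
Added example, not part of any post in this thread and not the plugin's own code: a small POSIX shell check for the symptom shown in the listing above, which counts `timthumb_tmpimg_*` files in a temp directory, sums their size, and reports how many were written in the last hour. The function names and the default thresholds (100 files, 50 MiB) are assumptions to tune per server.

```shell
#!/bin/sh
# Detect build-up of timthumb temp files (timthumb_tmpimg_*) in a directory.
# Function names and default limits are assumptions, not from the thread.

# timthumb_tmp_stats DIR -> prints "<file_count> <total_bytes>"
timthumb_tmp_stats() {
    dir=${1:-/tmp}
    count=0
    bytes=0
    for f in "$dir"/timthumb_tmpimg_*; do
        [ -f "$f" ] || continue   # also skips the literal pattern when nothing matches
        size=$(wc -c < "$f")
        count=$((count + 1))
        bytes=$((bytes + size))
    done
    echo "$count $bytes"
}

# timthumb_tmp_check DIR [MAX_FILES] [MAX_BYTES]
# Prints a one-line summary; returns 1 (with an ALERT line) if a limit is exceeded.
timthumb_tmp_check() {
    dir=${1:-/tmp}
    max_files=${2:-100}
    max_bytes=${3:-52428800}
    stats=$(timthumb_tmp_stats "$dir")
    n=${stats% *}
    b=${stats#* }
    # Files modified in the last 60 minutes: a high number means the directory
    # is being refilled by live requests, so cleaning it alone will not help.
    recent=$(( $(find "$dir" -maxdepth 1 -type f -name 'timthumb_tmpimg_*' -mmin -60 | wc -l) ))
    used=$(df -P "$dir" | awk 'NR == 2 { sub("%", "", $5); print $5 }')
    echo "$dir: $n timthumb temp files, $b bytes, $recent written in the last hour, filesystem ${used}% used"
    if [ "$n" -gt "$max_files" ] || [ "$b" -gt "$max_bytes" ]; then
        echo "ALERT: timthumb temp files exceed limits ($max_files files / $max_bytes bytes)"
        return 1
    fi
    return 0
}

# Usage, e.g. from cron:  timthumb_tmp_check /tmp 100 52428800 || <notify admin>
```

A non-zero result only shows that the files are accumulating; the fix discussed in this thread is still to upgrade or remove the bundled timthumb.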

  3. Mr. Vibe
    Member
    Plugin Author

    Posted 1 year ago #

    Please upgrade to the latest version, 5.0.0.

    In case you have any issues, please post them here: http://vibethemes.com/forums/forumdisplay.php?30-vSlider

    Note: We've removed Timthumb.php and migrated to responsive Flexslider 2.0.
    If your slider was created out of Posts, do not panic. Try out the new vSlider Slide Generator, you'll get back your slides in a matter of seconds.

  4. Mike Castro Demaria
    Member
    Posted 1 year ago #

    Hi Mr Vibe,

    Thank you for the upgrade. I have recently had lots of security trouble with WP 3.5 and a couple of plugins.

    I think it's a good idea not to use Timthumb.php, which uses temp files in excess and can fill our server with rubbish until it goes down.

    I have to report many attack techniques to WP 3.5. It seems there is an open hole if you simply allow writing from the web server.

    Mike

Topic Closed

This topic has been closed to new replies.