Support » Plugin: BackUpWordPress » Heads Up

  • Resolved AITpro

    (@aitpro)


    I was able to beat this relatively quickly and compromise a test site.

    define( 'HMBKP_SECURE_KEY', md5( ABSPATH . time() ) );

    I was not able to compromise the test site by changing this code.

    $contents[] = '# ' . sprintf( __( 'This %s file ensures that other people cannot download your backup files.', 'hmbkp' ), '.htaccess' );
    $contents[] = '';
    // The key-gated rewrite block is commented out; the directory is denied unconditionally instead.
    //$contents[] = '<IfModule mod_rewrite.c>';
    //$contents[] = 'RewriteEngine On';
    //$contents[] = 'RewriteCond %{QUERY_STRING} !key=' . HMBKP_SECURE_KEY;
    //$contents[] = 'RewriteRule (.*) - [F]';
    //$contents[] = '</IfModule>';
    $contents[] = 'order deny,allow';
    $contents[] = 'deny from all';
    $contents[] = '';

    http://wordpress.org/extend/plugins/backupwordpress/
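The two changes the post contrasts (a key derived from predictable inputs versus an unconditional deny) can be combined in one place. The following is an added example, not code from the plugin or from the poster: it derives the key from a CSPRNG rather than md5( ABSPATH . time() ), and writes an .htaccess that refuses every direct request to the backup directory, with both the Apache 2.2 (`Order`/`Deny`) and Apache 2.4 (`Require all denied`) syntax so the rule holds on either version. The `example_*` function names and the temp-directory path are assumptions for this illustration, and `random_bytes()` assumes PHP 7 or later.

```php
<?php
// Added example (not BackUpWordPress code): strong key generation and a
// deny-all .htaccess for a backup directory.

/**
 * Derive the secure key from cryptographically secure random bytes.
 * Unlike md5( ABSPATH . time() ), neither input can be narrowed down
 * from knowledge of the install path or the rough time of activation.
 * Assumes PHP >= 7.0 (random_bytes).
 */
function example_generate_secure_key( $bytes = 32 ) {
    return bin2hex( random_bytes( $bytes ) ); // 64 hex characters
}

/**
 * Lines for an .htaccess that refuses every HTTP request to the
 * directory, regardless of query string. Apache 2.4 evaluates the
 * mod_authz_core block; Apache 2.2 falls through to Order/Deny.
 */
function example_htaccess_lines() {
    return array(
        '# This .htaccess file ensures that other people cannot download your backup files.',
        '',
        '<IfModule mod_authz_core.c>',
        '    Require all denied',
        '</IfModule>',
        '<IfModule !mod_authz_core.c>',
        '    Order deny,allow',
        '    Deny from all',
        '</IfModule>',
        '',
    );
}

/**
 * Write the .htaccess into $backup_dir under an exclusive lock so a
 * concurrent writer cannot leave a half-written (and therefore
 * ineffective) file. Returns the path written.
 */
function example_write_htaccess( $backup_dir ) {
    $path     = rtrim( $backup_dir, '/' ) . '/.htaccess';
    $contents = implode( "\n", example_htaccess_lines() );
    if ( file_put_contents( $path, $contents, LOCK_EX ) === false ) {
        throw new RuntimeException( "Could not write $path" );
    }
    return $path;
}

// Constructed sample directory so the script runs stand-alone.
$dir = sys_get_temp_dir() . '/example-backups';
if ( ! is_dir( $dir ) ) {
    mkdir( $dir, 0700, true );
}
echo 'Wrote ', example_write_htaccess( $dir ), "\n";
echo 'Secure key: ', example_generate_secure_key(), "\n";
```

With a deny-all rule in place, a backup can no longer be fetched by URL at all, so the download path has to go through an authenticated PHP handler that reads the file from disk and streams it. To check the rule after deployment, request any file in the directory with the key appended to the query string and confirm the server answers 403; if it serves the file, the directives are being ignored (for example because `AllowOverride` is off for that path) and the .htaccess offers no protection.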

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Tom Willmot

    (@willmot)

    Hey there,

    Thanks for flagging this. Could you email me at tom@hmn.md so we can carry this conversation on in private?

    Kind Regards,

    Tom Willmot

  • Plugin Author Tom Willmot

    (@willmot)

    Just to follow up here, I’ve been working with AITpro off-list.

    Ultimately it led to an improvement in how the HMBKP_SECURE_KEY is generated which would make his approach impossible.

    I’ll release this in the next release, it’s a minor security hardening issue.

    “Improvement” is an understatement – Your solution is absolutely brilliant!

  • The topic ‘Heads Up’ is closed to new replies.