当前位置 >> 高防服务器 > 佛山 >

2020-07-06 09:54

156.238.171.1WP网站系统php代码漏洞修复

2020年,刚刚开始WordPress博客系统被网站安全检测出有插件绕过漏洞,该插件的开发公司,已升级了该插件并发布1.7版本,对以前爆出的漏洞进行了修补,该企业网站漏洞造成的原因是未经许可身份认证的普通用户给以了系统管理员权限。黑客能够以网站管理员的身份进行登陆,并可以将wp企业网站的全部数据表信息恢复为以前的模式,进而上传webshell企业网站木马代码来进行篡改企业网站。现阶段受危害的版本包含最新的WP系统。

 

这个WP插件的主要功能是可以将网站的主题自定义的进行外观设计,与导入代码,让很多新手不懂代码设计的可以迅速的掌握该技巧对网站进行外观设计,目前全球用该插件的人数达到二十五万多企业网站在使用该插件,也是目前最受环境的插件。该网站漏洞影响的插件版本,是存在于1.5-1.6版本。根据目前WP官方的数据资料统计,使用该版本的用户以及网站数量占比竟然达到百分之95左右,受漏洞影响的网站确实太多,建议各位站长尽快对该插件进行升级,修复漏洞。

该网站漏洞的利用方式以及条件,必须是该主题插件处于启用状态,并且是公司网站上都安装了这个插件才会受到漏洞的攻击,让黑客有攻击网站的机会。SINE安全技术在实际的漏洞利用测试过程中,也发现了一些问题,插件绕过漏洞的利用前提是需要有1个条件来进行,网站的数据库表中的普通用户必须有admin账户存在,目前的网站安全解决方案是尽快升级该插件到最新版本,有些企业网站不知道该如何升级的,先将改插件在后台关闭掉,防止黑客的入侵。

针对该插件漏洞的修复办法,可以在“wdcp_init”的Hook在网站环境中运行,而且还可启用无需通过身份认证的普通用户的“/wp-wdcp/wdcp-ajax.tp框架”。缺少身份认证就使漏洞没有利用的机会了。假如数据表中存有“wdcp”普通用户,未经许可身份认证的黑客机会会应用此账号登陆,并删掉全部以已定义的数据表前缀打头的。可以将该用户删除掉,以防止网站被攻击。

只要删掉了全部表,它将应用高级设置和数据信息添充数据表,随后将“wdcp”普通用户的密码修改为其此前已经知道的登陆密码。某安全组织于2月6号检测到了该网站插件绕过漏洞,在同一天将其安全报告给插件的开发公司。十天之后,也就是上个星期,主题Grill插件公司,发布了修复该网站漏洞的新版本。

在编写这篇文章时,修补后的插件,最新版本下载数量达到二十多万,这说明应用还有很多企业网站没有修复漏洞,仍然处在被攻击的风险当中。针对于WP官方的数据安全中心发布的安全报告中显示的两个网站漏洞,当黑客利用这些网站漏洞时,都是会造成和本次安全事件一样的影响。建议使用该插件的wordpress公司网站尽快升级,修复漏洞,以免对网站对公司产生更大的经济损失以及影响。

在其中1个CVE-2020-7048准许未经许可身份认证的普通用户从其他数据表中重置表,而另外一个CVE-2020-7047则是赋予最低管理权限的账号网站管理员管理权限。如果您对网站代码不是太了解,不知道该如何修复wordpress的漏洞,或者是您网站使用的是wp系统开发的,被黑客攻击篡改数据,也可以找专业的网站安全公司来处理解决。

 

156.238.171.1
156.238.171.2
156.238.171.3
156.238.171.4
156.238.171.5
156.238.171.6
156.238.171.7
156.238.171.8
156.238.171.9
156.238.171.10
156.238.171.11
156.238.171.12
156.238.171.13
156.238.171.14
156.238.171.15
156.238.171.16
156.238.171.17
156.238.171.18
156.238.171.19
156.238.171.20
156.238.171.21
156.238.171.22
156.238.171.23
156.238.171.24
156.238.171.25
156.238.171.26
156.238.171.27
156.238.171.28
156.238.171.29
156.238.171.30
156.238.171.31
156.238.171.32
156.238.171.33
156.238.171.34
156.238.171.35
156.238.171.36
156.238.171.37
156.238.171.38
156.238.171.39
156.238.171.40
156.238.171.41
156.238.171.42
156.238.171.43
156.238.171.44
156.238.171.45
156.238.171.46
156.238.171.47
156.238.171.48
156.238.171.49
156.238.171.50
156.238.171.51
156.238.171.52
156.238.171.53
156.238.171.54
156.238.171.55
156.238.171.56
156.238.171.57
156.238.171.58
156.238.171.59
156.238.171.60
156.238.171.61
156.238.171.62
156.238.171.63
156.238.171.64
156.238.171.65
156.238.171.66
156.238.171.67
156.238.171.68
156.238.171.69
156.238.171.70
156.238.171.71
156.238.171.72
156.238.171.73
156.238.171.74
156.238.171.75
156.238.171.76
156.238.171.77
156.238.171.78
156.238.171.79
156.238.171.80
156.238.171.81
156.238.171.82
156.238.171.83
156.238.171.84
156.238.171.85
156.238.171.86
156.238.171.87
156.238.171.88
156.238.171.89
156.238.171.90
156.238.171.91
156.238.171.92
156.238.171.93
156.238.171.94
156.238.171.95
156.238.171.96
156.238.171.97
156.238.171.98
156.238.171.99
156.238.171.100
156.238.171.101
156.238.171.102
156.238.171.103
156.238.171.104
156.238.171.105
156.238.171.106
156.238.171.107
156.238.171.108
156.238.171.109
156.238.171.110
156.238.171.111
156.238.171.112
156.238.171.113
156.238.171.114
156.238.171.115
156.238.171.116
156.238.171.117
156.238.171.118
156.238.171.119
156.238.171.120
156.238.171.121
156.238.171.122
156.238.171.123
156.238.171.124
156.238.171.125
156.238.171.126
156.238.171.127
156.238.171.128
156.238.171.129
156.238.171.130
156.238.171.131
156.238.171.132
156.238.171.133
156.238.171.134
156.238.171.135
156.238.171.136
156.238.171.137
156.238.171.138
156.238.171.139
156.238.171.140
156.238.171.141
156.238.171.142
156.238.171.143
156.238.171.144
156.238.171.145
156.238.171.146
156.238.171.147
156.238.171.148
156.238.171.149
156.238.171.150
156.238.171.151
156.238.171.152
156.238.171.153
156.238.171.154
156.238.171.155
156.238.171.156
156.238.171.157
156.238.171.158
156.238.171.159
156.238.171.160
156.238.171.161
156.238.171.162
156.238.171.163
156.238.171.164
156.238.171.165
156.238.171.166
156.238.171.167
156.238.171.168
156.238.171.169
156.238.171.170
156.238.171.171
156.238.171.172
156.238.171.173
156.238.171.174
156.238.171.175
156.238.171.176
156.238.171.177
156.238.171.178
156.238.171.179
156.238.171.180
156.238.171.181
156.238.171.182
156.238.171.183
156.238.171.184
156.238.171.185
156.238.171.186
156.238.171.187
156.238.171.188
156.238.171.189
156.238.171.190
156.238.171.191
156.238.171.192
156.238.171.193
156.238.171.194
156.238.171.195
156.238.171.196
156.238.171.197
156.238.171.198
156.238.171.199
156.238.171.200
156.238.171.201
156.238.171.202
156.238.171.203
156.238.171.204
156.238.171.205
156.238.171.206
156.238.171.207
156.238.171.208
156.238.171.209
156.238.171.210
156.238.171.211
156.238.171.212
156.238.171.213
156.238.171.214
156.238.171.215
156.238.171.216
156.238.171.217
156.238.171.218
156.238.171.219
156.238.171.220
156.238.171.221
156.238.171.222
156.238.171.223
156.238.171.224
156.238.171.225
156.238.171.226
156.238.171.227
156.238.171.228
156.238.171.229
156.238.171.230
156.238.171.231
156.238.171.232
156.238.171.233
156.238.171.234
156.238.171.235
156.238.171.236
156.238.171.237
156.238.171.238
156.238.171.239
156.238.171.240
156.238.171.241
156.238.171.242
156.238.171.243
156.238.171.244
156.238.171.245
156.238.171.246
156.238.171.247
156.238.171.248
156.238.171.249
156.238.171.250
156.238.171.251
156.238.171.252
156.238.171.253
156.238.171.254