Żądny wiedzy? Wbijaj na Mega Sekurak Hacking Party w maju! -30% z kodem: majearly
Krytyczna podatność w bardzo popularnym pluginie WordPressa (Contact Form 7). 5+ milionów instalacji i możliwość dostania się na serwer.
O temacie informuje Bleeping Computer: In the vulnerable versions, the plugin does not remove special characters from the uploaded filename, including the control character and separators. This could potentially allow an attacker to upload a filename containing double-extensions, separated by a non-printable or special character, such as a file called „abc.php .jpg.” Z opisu wynika,…
Czytaj dalej »