- UKWENZIWA KWEWEBHUSINGENZELWA YINI
- IZIKHOMBISIKWAKUDINGEKA UKUBA SENZE
- AMAZINGAIZINTENGO LETHU LEKHASI LEKHAYA ELIPHANSI
- CONTACTUMNIKELO ONGAYIBOPHE
Das beliebte WordPress-Plug-In mit dem Namen „Easy WP SMTP-Plug-In“ mit mehr als hunderttausend effektiven Installationen hat gerade ein Risiko entdeckt, lokho kuvumela umhlaseli ukuthi alawule isayithi. Isiphazamisi kule plugin ye-WordPress ivumela ama-cyberpunks, phinda ufake iphasiwedi yomqondisi futhi uthole ukugunyazwa okugcwele kwewebhusayithi.
Die festgestellte Sicherheitsanfälligkeit befindet sich in der Debug-Protokolldatei, okuyinto esengozini ngenxa yephutha eliyisisekelo endleleni i-plug-in ephatha ngayo ifolda. Ifolda yama-plugin kuseva enamafayela, ukuze igcinwe abasebenzisi, ngokuvamile equkethe ifayela elithi index.html elingenalutho. Inhloso yaleli fayela ukwenza lokhu, ukuvimbela umuntu, zulazulela kuleyo folda futhi ubone uhlu lwamafayela kuleyo mibhalo.
Uma umuntu ebuka lolu hlu lwamafayela, kungenzeka ukuthi ufinyelela kulawa mafayela, yini inkinga.
Ifolda, lapho leli fayela lokungena lokususa iphutha likhona, ayiqukethe ifayela elithi index.html. Kumaseva, lapho ukufakwa kuhlu kwenkomba yohla lwemibhalo kungakhutshaziwe, Ngokuzenzakalelayo, i-slob embi ingakwazi ukufinyelela leli fayela.
Okokuqala nokubaluleke kakhulu, bathola igama lomsebenzisi lezinga lomlawuli kusayithi le-WordPress. bayazama, Hack usebenzisa izindlela ezaziwayo.
Bese beya ekhasini lokungena le-WordPress bese bethumela isicelo sokusetha kabusha iphasiwedi ye-akhawunti yomlawuli.
Baphinde bathole ukufinyelela kumafayela okungena okususa iphutha futhi babuyisele isixhumanisi sokusetha kabusha iphasiwedi, ithunyelwe isiza se-WordPress. Uma ufinyelela lesi sixhumanisi, yifake, setha kabusha iphasiwedi bese ujabulele ukufinyelela okugcwele kusayithi.
Dieses Schwachstellen-Plug-In verwaltet ein Änderungsprotokoll, erekhoda zonke izinguquko kusibuyekezo ngasinye. I-changelog kufanele ifundwe, ukuze umsebenzisi abone, okwenziwa isibuyekezo.
Uma kutholwa ubungozi, yilokho onjiniyela be-plug-in abavame ukukuthola, ukuthi ubungozi buzocishwa. Lokhu kunikeza umthuthukisi we-WordPress ulwazi, akudingayo, ukwenza isinqumo esinolwazi. Ilogi yoshintsho, ukwazisa umshicileli ngakho, ukuthi isibuyekezo sidala ukuba sengozini kwezokuvikela, ivumela umshicileli, yenza isinqumo esinolwazi mayelana nokubuyekeza i-plug-in, ukugwema ukuhlaselwa kwama-hacker.
Kunconywa kakhulu, ukuthi bonke abasebenzisi be-Easy WP SMTP Plugin bathuthukela enguqulweni ephakeme kunenguqulo 1.4.2 Ukuze ubuyekeze.
Iwebhusayithi yekhwalithi iklanywe ngochwepheshe, ithuthukiswe ngochwepheshe futhi isetshenziswe ngochwepheshe. Ngokuvumelana nalesi siqubulo, sisebenza ku-ONMA scout ngokungcono kakhulu. Ungathembela kusevisi ye-ejensi ebanzi, izimo eziphezulu kanye nezinsizakalo ezihlakaniphile zabaklami bethu bewebhu, Ishiya abahleli bezinhlelo nabathuthukisi bewebhu.