Kcfinder Upload Shell Vulnerability and Fix
Description
Email: victor@easycodinglab.com, vsaggor@gmail.com
Are you aware that KCFinder 2.51, 2.52 and 2.53 are vulnerable to shell upload? Shell scripts are scripts that hackers can use to hack your site or blog. This plugin is a popular plugin used by about 70 to 80% of websites and blogs.
The vulnerability allows unauthorised users to browse your image directory, rename your files, delete your files and, worst of all, upload a shell file which can cripple your website or blog.
In this video I show you where the vulnerability is, what it looks like and how to fix it.
To fix it:
1. Download the latest version of KCFinder and replace your old KCFinder with it.
2. Do not forget to delete the old version from your system.
3. Open config.php and use the session to control who should have access.
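A sketch of step 3, added here as an illustration and not taken from the video or from the KCFinder project: the file browser stays disabled in config.php and is enabled only inside the session of a user your own application has authenticated. `disabled` and `_sessionVar` are KCFinder 3.x settings; the `can_upload` flag and the `grant_kcfinder()` function are hypothetical names for your application's login code.

```php
<?php
// --- Part 1: KCFinder's config.php (excerpt) ---
// Weak setting:      'disabled' => false  (every visitor can browse,
//                    rename, delete and upload files).
// Corrected setting: disabled by default, overridden per session.
$_CONFIG = array(
    'disabled'    => true,        // nobody gets in unless the session says so
    '_sessionVar' => "KCFINDER",  // $_SESSION key KCFinder reads overrides from
    // ... keep the remaining settings from the shipped config.php ...
);

// --- Part 2: your application's login handler (hypothetical code) ---
// Must use the same PHP session (same session name and cookie path)
// as the KCFinder directory, otherwise the override is never seen.
function grant_kcfinder(array $user): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!empty($user['can_upload'])) {
        // Authenticated and authorised: enable KCFinder for this session only.
        $_SESSION['KCFINDER'] = array('disabled' => false);
    } else {
        // Everyone else falls back to 'disabled' => true from config.php.
        unset($_SESSION['KCFINDER']);
    }
}

// On logout, remove the override so a reused session cannot reach the browser:
// unset($_SESSION['KCFINDER']);
```

After deploying, request the KCFinder browse page from a browser that is not logged in and confirm it refuses access.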
Kcfinder 3.12: https://github.com/sunhater/kcfinder/releases/tag/3.12
Kcfinder Upload Shell Vulnerability and Fix
https://youtu.be/z_wtJSr1z0o