
Leaderboard

Popular Content

Showing content with the highest reputation on 03/11/15 in all areas

  1. I'm giving away for free any/all plugins from WPMUDEV https://premium.wpmudev.org/projects/category/plugins/ 1. You agree NOT to redistribute them (in any way) without my permission. 2. You agree NOT to use them for commercial purposes. If you intend to, we can negotiate a donation. 3. 600+ posts on RST (for those of you who don't meet #3, we can negotiate a BTC/PayPal donation depending on the quantity wanted). WPMUDEV currently has 350+ premium WordPress plugins. P.S. - there is currently no function in the dashboard there to download all the plugins automatically, so if someone wants all of them I have to download them all manually, which takes time and effort. I would prefer a donation for that (the price of a beer), but it is not mandatory.
    1 point
  2. 1 point
  3. A critical vulnerability has been discovered in the most popular plugin of the WordPress content management platform (CMS) that puts tens of millions of websites at risk of being hacked by attackers.

     The vulnerability resides in most versions of a WordPress plugin known as ‘WordPress SEO by Yoast,’ which has more than 14 million downloads according to the Yoast website, making it one of the most popular WordPress plugins for easily optimizing websites for search engines, i.e. search engine optimization (SEO). The vulnerability in WordPress SEO by Yoast was discovered by Ryan Dewhurst, developer of the WordPress vulnerability scanner ‘WPScan’.

     All versions of ‘WordPress SEO by Yoast’ prior to 1.7.3.3 are vulnerable to a Blind SQL Injection web application flaw, according to an advisory published today. SQL injection (SQLi) vulnerabilities are ranked as critical because they could cause a database breach and lead to leakage of confidential information. Basically, in an SQLi attack, an attacker inserts a malformed SQL query into an application via client-side input.

     HOW YOAST VULNERABILITY WORKS

     However, in this scenario, an outside hacker can’t trigger this vulnerability directly, because the flaw resides in the 'admin/class-bulk-editor-list-table.php' file, which can be accessed only by users with WordPress Admin, Editor or Author privileges. Therefore, in order to successfully exploit this vulnerability, the exploit has to be triggered by an authorized user. This can be achieved with the help of social engineering, where an attacker tricks an authorized user into clicking on a specially crafted URL carrying the payload. If the authorized WordPress user falls victim to the attack, this could allow the exploit to execute arbitrary SQL queries on the victim's WordPress website, Ryan explained to security blogger Graham Cluley.

     Ryan also released a proof-of-concept payload for the Blind SQL Injection vulnerability in ‘WordPress SEO by Yoast’, which is as follows:

     http://victim-wordpress-website.com/wp-admin/admin.php?page=wpseo_bulk-editor&type=title&orderby=post_date%2c(select%20*%20from%20(select(sleep(10)))a)&order=asc

     PATCH FOR YOAST SQLi VULNERABILITY

     However, the vulnerability has reportedly been patched in the latest version of WordPress SEO by Yoast (1.7.4) by the Yoast WordPress plugin developers, and the change log mentions that the latest version has "fixed possible CSRF and blind SQL injection vulnerabilities in bulk editor."

     Generally, it has been believed that if you have not installed WordPress SEO by Yoast, then your WordPress website is seriously incomplete. The vulnerability is really serious for website owners who wish to increase their search engine traffic by using this plugin. Therefore, WordPress administrators who have the auto-update feature disabled are recommended to upgrade their WordPress SEO by Yoast plugin as soon as possible, or they can manually download the latest version from the WordPress plugin repository. If you have installed WordPress version 3.7 or above, then you can enable fully automated updating of your plugins and themes from the Manage > Plugins & Themes > Auto Updates tab.
    1 point
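For site owners who want to check whether the bulk-editor endpoint described in the post above was hit with a non-plain sort parameter, here is a log check added as an example; it is not part of the original post and not Yoast's or WPScan's code. The log lines are constructed, and the host names, IP addresses and the `site_host` parameter are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log (combined format); hosts and IPs are placeholders.
SAMPLE_LOG = """\
203.0.113.7 - - [11/Mar/2015:10:01:02 +0000] "GET /wp-admin/admin.php?page=wpseo_bulk-editor&type=title&orderby=post_date&order=asc HTTP/1.1" 200 5120 "http://blog.example/wp-admin/admin.php?page=wpseo_bulk-editor" "Mozilla/5.0"
203.0.113.7 - - [11/Mar/2015:10:04:40 +0000] "GET /wp-admin/admin.php?page=wpseo_bulk-editor&type=title&orderby=post_date%2c(select%20*%20from%20(select(sleep(10)))a)&order=asc HTTP/1.1" 200 5120 "http://other.example/lure.html" "Mozilla/5.0"
203.0.113.9 - - [11/Mar/2015:10:05:11 +0000] "GET /wp-admin/admin.php?page=other-plugin&orderby=a%2cb HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Captures: client IP, timestamp, request target, Referer.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} \S+ "([^"]*)"')
COLUMN_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")  # a bare column name, nothing else


def suspicious_bulk_editor_requests(log_text, site_host="blog.example"):
    """Return bulk-editor requests whose sort parameters are not plain values."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, when, target, referer = m.groups()
        # parse_qs URL-decodes the values, so %2c and %20 are seen as ',' and ' '.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if params.get("page") != ["wpseo_bulk-editor"]:
            continue  # only the endpoint named in the advisory
        reasons = []
        if any(not COLUMN_RE.fullmatch(v) for v in params.get("orderby", [])):
            reasons.append("orderby is not a plain column name")
        if any(v.lower() not in ("asc", "desc") for v in params.get("order", [])):
            reasons.append("order is not asc/desc")
        if not reasons:
            continue
        # The flaw is triggered by a logged-in user following a crafted link,
        # so such a request may arrive with an off-site or empty Referer.
        if urlsplit(referer).hostname != site_host:
            reasons.append("off-site or missing referer")
        findings.append({"ip": ip, "time": when,
                         "orderby": params.get("orderby"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in suspicious_bulk_editor_requests(SAMPLE_LOG):
        print(finding)
```

The same two rules (a bare column name for `orderby`, only `asc`/`desc` for `order`) are what an allowlist in front of an ORDER BY clause would enforce.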
  4. I promise I won't pass them on. I just donated the $5 to the guy, so at least he isn't wasting his time for nothing.
    1 point
  5. rstforums.com passwords - BugMeNot
    -1 points
  6. I'm noticing a vulnerability in the site, or someone has been meddling around here. I'd ask an admin to take a look. Seriously?
    -1 points
  7. Hello. I want to ask you a few questions about roots for flooding. First of all, I want to say that I'm new to this "world", so to speak, and I want to buy a root for flooding from someone. I want to ask: if I change its password, can he still recover it? Where does he get it from? Does this root also have an e-mail or something? I mean, how can someone have his own root? (I think the one about the e-mail is a stupid question.. but oh well :)) ) I've heard of roots for scanning; do you use them to find other roots? Please clear things up for me a bit with some information about these, because I don't know much about it. PS: Anyway, this isn't about a scam or anything; he's a guy from my county, but I just want to know whether he still has access if I change the password. I'd like it to be mine only. PS: No off-topic, please.
    -1 points