Random General Questions


Viewing 4 posts - 346 through 349 (of 349 total)
  • #33939
    Mohan
    Participant

    Maliciously uploaded files (.html, .php.jpg, etc.) represent a significant risk to applications. Any attacker always tries to find a way to get code onto a victim system, and then looks for a way to execute that code. Using an uploaded file accomplishes this first step. Here, the application allows double extension file upload and any extension file to upload. There is no validation for file upload and upload of double extension file test.php.jpg

    #33943
    AITpro Admin
    Keymaster

    @ Mohan – All upload forms in WP, plugins or themes should have sanitization and validation security coding that protects against this type of exploit.  If a particular plugin or theme upload form does not have that built-in sanitization and validation security coding or there is a bug in that plugin’s or theme’s upload form then the plugin or theme author should be notified immediately to fix that bug.  BPS Pro UAEG protects against uploaded files being accessed, executed or processed in the WP /uploads/ folder.
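
A sketch of the kind of validation an upload form needs to refuse a name like test.php.jpg, added here as an example and not taken from the forum posts, WordPress or BPS Pro. The function name `check_upload`, the allowlist and the blocklist are assumptions chosen for illustration.

```php
<?php
// Added example: hypothetical helper, not WordPress or BPS Pro code.
// Allowed final extension => leading bytes the file content must start with.
const ALLOWED = ['jpg' => "\xFF\xD8\xFF", 'jpeg' => "\xFF\xD8\xFF", 'png' => "\x89PNG\r\n\x1a\n", 'gif' => 'GIF8'];
// Extensions a server may pass to an interpreter or a browser may render as active content.
const BLOCKED = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'pht', 'html', 'htm', 'shtml', 'js', 'cgi', 'pl', 'py', 'asp', 'aspx', 'jsp', 'htaccess'];

function check_upload(string $clientName, string $head): array
{
    // Drop any client-supplied path and compare case-insensitively.
    $name = strtolower(basename(str_replace('\\', '/', $clientName)));
    // Reject control bytes (including NUL) that can truncate or disguise a name.
    if ($name === '' || preg_match('/[\x00-\x1F\x7F]/', $name)) {
        return [false, 'invalid characters in file name'];
    }
    $parts = explode('.', $name);
    if (count($parts) < 2 || $parts[0] === '') {
        return [false, 'missing base name or extension'];
    }
    $ext = array_pop($parts);
    if (!array_key_exists($ext, ALLOWED)) {
        return [false, "extension .$ext is not on the allowlist"];
    }
    // Double-extension check: every inner segment is inspected, so
    // test.php.jpg fails even though its final extension is allowed.
    foreach (array_slice($parts, 1) as $inner) {
        if (in_array($inner, BLOCKED, true)) {
            return [false, "inner extension .$inner is blocked"];
        }
    }
    // Content check: the leading bytes must match the claimed image type.
    if (strncmp($head, ALLOWED[$ext], strlen(ALLOWED[$ext])) !== 0) {
        return [false, "content does not match .$ext"];
    }
    return [true, 'ok'];
}

// Constructed sample inputs: file name and the first bytes of the file.
$samples = [
    ['photo.jpg', "\xFF\xD8\xFF\xE0"],
    ['test.php.jpg', "\xFF\xD8\xFF\xE0"],
    ['test.html', '<html>'],
    ['logo.png', '<?php'],
];
foreach ($samples as [$n, $h]) {
    [$ok, $why] = check_upload($n, $h);
    printf("%-14s %s (%s)\n", $n, $ok ? 'ACCEPT' : 'REJECT', $why);
}
```

Only photo.jpg is accepted; the other three are rejected for a blocked inner extension, a disallowed final extension and mismatched content respectively. Storing accepted files under a server-generated name, rather than the client-supplied one, removes the remaining reliance on the blocklist.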

    #35394
    bsugar7
    Participant

    Normally if I contact AIT Pro with an issue they help out. This time, however, they broke my website instead of helping out. This happened yesterday.

    They were willing to sort it out yesterday and were waiting on me to provide FTP details. I provided this this morning and have been chasing this all day but have heard absolutely nothing.

    I am very worried and need my website restored urgently. Does anyone know if AIT Pro have a contact number or any other way I can contact them? This is becoming a nightmare.  I appreciate any feedback you can provide. Thanks

    #35396
    AITpro Admin
    Keymaster

    @ bsugar7 – We received your response emails from yesterday several hours later (12+ hours later) after we were already closed:  at 2:26am, 4:39am, 5:19am, 7:32am, and 7:33am PDT time this morning and will be contacting you shortly to fix the problems on your website.  Our hours of operation are Monday – Saturday 8am – 10pm PDT time.

    Note:  AITpro is located in Los Angeles CA USA. Our time is 8 hours behind London UK time (your time). When it is 9am our time it is 5pm London UK time. Thank you.
