Best Blackhat Forum

Best Blackhat Forum > Freebies > Software, Scripts, Plug-ins, Tools and Bots > [GET] RevSlider 4.6 - URGENT SECURITY VULNERABILITY - Must read
Full Version: [GET] RevSlider 4.6 - URGENT SECURITY VULNERABILITY - Must read
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

lowno

09-04-2014, 10:45 AM
If you have any wordpress websites with Revolution Slider on it, this is a must read!

It is URGENT that you update rev slide RIGHT NOW!

There is a major security issue that is easy to exploit that requires an update to the plugin. Essentially all anyone has to do is enter the following url on a vulnerable website:
http://DOMAIN-HERE/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

That will download the wp-config.php file which includes your database credentials. I checked it on some of my sites and found several vulnerable. It is urgent that you update the plugin.

Steps to patch:
1. Download the latest version, here is a link straight from the developer
Code:
https://www.dropbox.com/s/2m9taf90gheka5d/codecanyon-2751380-slider-revolution-responsive-wordpress-plugin.zip?dl=0
2. Log into the wordpress website that has the plugin installed
3. Click on the settings for the plugin and scroll to the very bottom
4. There will be a button on the right to update the plugin
5. Self explanatory from there

Do not delete the plugin and reupload because all your sliders will be lost.

After you download the latest from the link above, you have to unzip the file and in there you will see the plugin and all the documentation.

Let's all keep this bumped for a few days so as many in the community will see it.

vankatrox

09-04-2014, 11:28 AM
thanks you....

lowno

09-04-2014, 11:46 AM
Your welcome. Lets get the word out to the BBHF community on this one.

Allstar007

09-04-2014, 01:26 PM
I cant even begin to thank you enough for this find you probably just saved ALL my sites. I really hope everyone sees this and fixes their sites asap. This is no joke and everyone using Rev-slider needs this like yesterday. I am still sorta new here but I want to give you max rep for this because like I said I never knew a slider would open a backdoor like this. 1000 Thank You's and max rep from me. I surely wish to bump this one.

OnceWild

09-04-2014, 01:54 PM
This is why I love this forum, people helping people.

+5 Rep added - Thank you very much lowno for your awesome share!

lowno

09-04-2014, 02:36 PM
Thanks guys, lets keep spreading the word on this forum since many of the themes shared do not get updated.

I almost crapped my pants when I saw how easy this hack was.

pirata_web

09-04-2014, 02:48 PM
The problem was fixed 29 updates back in 4.2 in February. OLD!

Allstar007

09-04-2014, 04:03 PM
It doesn't matter when it was fixed if you never knew about it the info is still fresh. It a great share period.

aminrod

09-04-2014, 09:46 PM
d***!! just tried this and its a terrible situation... database password everything... REP+

lowno

09-05-2014, 02:28 AM
pirata_web: you obviously have no clue. Most people don't buy the plugin to be able to have access to updates. They get it bundled in a theme and most themes are NEVER updated. Add to that, many on BBHF download a shared version of themes so all the more likely that the plugin is not updated.

And Allstar007 is right, the developer didn't notify anyone of the security issue.

This wouldn't be that big of a deal if Revolution Slider wasn't included in like every wordpress theme for sale on theme forrest.
Best Blackhat Forum > Freebies > Software, Scripts, Plug-ins, Tools and Bots > [GET] RevSlider 4.6 - URGENT SECURITY VULNERABILITY - Must read
Reference URL's