A way to fix Revolution Slider Critical Vulnerability
The other day one of my clients told me his site had been hacked, so I helped him remove all the malware code from it. But today he said the site had been hacked again. His hosting provider sent some logs and pointed out that it was probably caused by the RevolutionSlider plugin. Because his site is very old and the plugin is integrated into the theme, he cannot upgrade RevolutionSlider directly, so to avoid being hacked again I made some small changes to close the vulnerability.
Over 100,000 WordPress sites have been attacked; see http://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html for more. The vulnerability itself is described at http://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html.
For a quick test, open http://YOUR-DOMAIN/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php. If it returns a file, or your security software (such as Norton) reports an attack, your site has a vulnerable version of Revolution Slider (RevSlider).
The best way is to upgrade the plugin to the latest version and then remove all malware files from your site. But there may be reasons you cannot upgrade directly: for example you use a very old version of RevSlider (my client uses 2.1.1 while the latest is 4.6.5, so upgrading may cause issues), or your developers have made custom changes to Revolution Slider (RevSlider).
My client's Revolution Slider (RevSlider) was integrated into the theme by the theme author, so it is not a standard WordPress plugin. You first need to find where Revolution Slider (RevSlider) lives and then fix the vulnerability there. The quickest way is to search the theme folder for the filename "revslider.php".
Here is the code to fix the Revolution Slider vulnerability.
Open the file /revolution-slider/inc_php/base.class.php, go to line 212 or search for the function onShowImage():
public static function onShowImage(){
Before the line
try{
add the following code:
    // Only serve files with an image extension through revslider_show_image.
    // $pathImages is assumed to hold the requested path from the "img" parameter;
    // if your version does not set it before the try block, read it here.
    if( !isset($pathImages) ){
        $pathImages = isset($_GET['img']) ? urldecode($_GET['img']) : '';
    }
    $allowed_image_extension = array('JPG', 'JPEG', 'PNG', 'GIF'); // JPEG added so .jpeg images keep working
    $image_extension_temp_a = explode('.', $pathImages);
    $image_extension = '';
    // explode() always returns at least one element; only a path with a dot has an extension
    if( count($image_extension_temp_a) > 1 ){
        $image_extension = $image_extension_temp_a[count($image_extension_temp_a) - 1];
    }
    $image_extension = strtoupper($image_extension);
    if( !in_array($image_extension, $allowed_image_extension, true) ){
        header('HTTP/1.1 500 Internal Server Error'); // "status: 500" is not a valid HTTP status line
        echo 'Invalid image';
        exit();
    }
(A screenshot of the patched function was posted here for reference.)
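The extension check above stops the handler from reading wp-config.php, but it still lets the img parameter leave the uploads directory as long as the target ends in an image extension. The following function is an added example (not the plugin's code and not the patch above) of a stricter check: it keeps the extension allowlist and additionally rejects ".." segments and confines the resolved path to a base directory with realpath(). It assumes the requested path arrives in the img GET parameter (as in the test URL above) and that legitimate images live under the WordPress uploads directory; the wiring shown at the bottom is hypothetical.

```php
<?php
// Added example, not the plugin's own code. Returns the resolved absolute path
// when $requested is an image inside $baseDir, or false otherwise.
function revslider_safe_image_path($requested, $baseDir) {
    $allowed = array('jpg', 'jpeg', 'png', 'gif');

    $requested = rawurldecode((string) $requested);
    // Reject empty input and embedded NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return false;
    }

    // Normalise separators and refuse any ".." segment outright.
    $normalized = str_replace('\\', '/', $requested);
    foreach (explode('/', $normalized) as $segment) {
        if ($segment === '..') {
            return false;
        }
    }

    // Extension allowlist, case-insensitive (same idea as the patch above).
    $ext = strtolower(pathinfo($normalized, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed, true)) {
        return false;
    }

    // Resolve both paths and require the file to stay inside $baseDir.
    $base = realpath($baseDir);
    if ($base === false) {
        return false;
    }
    $full = realpath($base . DIRECTORY_SEPARATOR . ltrim($normalized, '/'));
    if ($full === false) {
        return false;
    }
    if (strpos($full, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false; // resolved outside the base directory (e.g. via a symlink)
    }
    return $full;
}

// Hypothetical wiring at the top of onShowImage(), before the try block.
// WP_CONTENT_DIR is the standard WordPress constant for the wp-content path.
$img  = isset($_GET['img']) ? $_GET['img'] : '';
$safe = revslider_safe_image_path($img, WP_CONTENT_DIR . '/uploads');
if ($safe === false) {
    header('HTTP/1.1 403 Forbidden');
    exit('Invalid image');
}
// From here on, serve $safe instead of the raw parameter.
```

With this check, img=../wp-config.php fails the extension test, and a path such as ../../some/image.jpg fails the ".." test even though its extension is allowed; a symlink inside uploads pointing elsewhere is caught by the realpath comparison. Returning 403 rather than 500 makes the blocked requests easy to pick out in the access log, which is also where you would look for repeated revslider_show_image requests after the fix.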
Now opening http://YOUR-DOMAIN/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php will no longer read out your configuration data.
Again, the best way is to upgrade to the latest version, but if you cannot upgrade directly you can use the workaround above.