10 noviembre, 2020

Episode 94: Hosting Provider Exposed 63 Million Customer Records

A hosting provider exposed over 63 million customer records via an open elastic search database containing verbose logs with plain-text username/password credentials for numerous WordPress, Magento and other sites. We also talk about the security updates in WordPress 5.5.2/5.5.3 and the accidental 5.5.3-alpha autoupdate. We talk about object injection vulnerabilities like the one discovered in […] More info: https://www.wordfence.com/blog/2020/11/episode-94-hosting-provider-exposed-63-million-customer-records/

jQuery(document).ready(function ($) { var wgm_map = new google.maps.Map(document.getElementById("srm_gmp_embed_1"), { center: new google.maps.LatLng(40.19124029999999,-3.6740181999999777), zoom: 13, mapTypeId: google.maps.MapTypeId.ROADMAP, scrollwheel: true, zoomControl: true, mapTypeControl: true, streetViewControl: true, fullscreenControl: true, draggable: true, disableDoubleClickZoom: false, panControl: true }); var wgm_theme_json = null; if (wgm_theme_json && wgm_theme_json.length > 0) { try { wgm_map.setOptions({ styles: JSON.parse(wgm_theme_json) }); } catch (e) { console.error('Invalid map theme JSON:', e); } } // To view directions form and data var wgm_data_1 = { 'action': 'wpgmapembed_p_get_markers_by_map_id', _wgm_p_nonce: 'c43256c715', 'data': { map_id: '106' } }; var wgm_ajaxurl_1 = 'https://garsan.synology.me/wordpress/wp-admin/admin-ajax.php' jQuery.post(wgm_ajaxurl_1, wgm_data_1, function (response) { response = JSON.parse(response); if (response.markers.length === 1) { var wgm_marker_to_1 = response.markers[0].marker_desc; jQuery('#srm_gmap_to_1').val(wgm_marker_to_1.replace(/(]+)>)/gi, "")); } var wgm_default_marker_icon_1 = 'https://maps.gstatic.com/mapfiles/api-3/images/spotlight-poi2.png'; if (response.markers.length > 0) { var custom_markers = []; var custom_marker_infowindows = []; response.markers.forEach(function (wgm_marker, i) { var wgm_marker_lat_lng_1 = wgm_marker.lat_lng.split(','); wgm_custom_marker_1 = new google.maps.Marker({ position: new google.maps.LatLng(wgm_marker_lat_lng_1[0], wgm_marker_lat_lng_1[1]), title: wgm_marker.marker_name, animation: google.maps.Animation.DROP, icon: (wgm_marker.icon === '') ? wgm_default_marker_icon_1 : wgm_marker.icon }); custom_markers[i] = wgm_custom_marker_1; wgm_custom_marker_1.setMap(wgm_map); var wgm_marker_name_1 = (wgm_marker.marker_name !== null) ? ('' + wgm_marker.marker_name + '
') : ''; custom_marker_infowindow = new google.maps.InfoWindow({ content: wgm_marker_name_1 + wgm_marker.marker_desc }); custom_marker_infowindows[i] = custom_marker_infowindow; if (wgm_marker.show_desc_by_default === '1') { custom_marker_infowindow.open({ anchor: wgm_custom_marker_1, shouldFocus: false }); } else { google.maps.event.addListener(wgm_custom_marker_1, 'click', function () { custom_marker_infowindows[i].open({ anchor: custom_markers[i], shouldFocus: false }); }); } if (wgm_marker.have_marker_link === '1') { google.maps.event.addListener(wgm_custom_marker_1, 'click', function () { var wgm_target = '_self'; if (wgm_marker.marker_link_new_tab === '1') { wgm_target = '_blank'; } window.open(wgm_marker.marker_link, wgm_target); }); } }); } }); });

Translate »