发表于 | 更新于 | 分类于 | 评论数: | 阅读次数:
本文字数: 0

The Leancloud visitor counter plugin used in NexT has a big security bug, by which someone could change your visitor number easily and even add/delete records in your database.

This bug is found by LEAFERx and confirmed by Ivan.Nginx.

This bug could only be fixed manually.

Warning: All NexT sites using Leancloud visitor counter that are not fixed and other sites integrated this function by similiar ways are considered unsecurity. Please fix it as soon as possible.

阅读全文 »

发表于 | 更新于 | 分类于 | 评论数: | 阅读次数:
本文字数: 0

2018.04.22:根据@huozk指出,文档在此处有错误,如果之前没有初始化过,则插件报错。现已修复。

NexT主题使用的Leancloud访客统计插件存在重大安全漏洞,拥有不良企图的人利用该漏洞可随意更改访客数量或一定程度上增删数据库记录。
该漏洞由独立发现,并由Ivan.Nginx确认。

经过讨论后,我们认为该漏洞必须由使用者手动修复。本文给出了修复方法。
注意:所有使用该插件而未经修复的NexT站点或使用类似方法集成Leancloud访客统计功能的站点都被认为是不安全的,请尽快修复。

For International Users:
This post is a guide to fix a serious security bug in Leancloud visitor counter, which is found by me and confirmed by Ivan.Nginx.
Someone could use this bug to change your visitor number easily and even add/delete records in your database.
This bug could only be fixed manually.

Warning: All NexT sites using Leancloud visitor counter that are not fixed and other sites integrated this function by similiar ways are considered unsecurity. Please fix it as soon as possible!
English version guide is under translating and will be released in few days.
2018.3.16: English version guide is here

阅读全文 »

发表于 | 更新于 | 评论数: | 阅读次数:
本文字数: 0

本文于2018年1月1日首发于公众号Y92170号星星
号的主人是一位很厉(la)害(ji)的小姐姐 欢迎大家关注qwq
本来不打算发在这里的 毕竟是技术博客嘛
但是......随便了qwq说不定有打赏

阅读全文 »

发表于 | 更新于 | 分类于 | 评论数: | 阅读次数:
本文字数: 0

“世之奇伟、瑰怪、非常之观,常在于险远,而人之所罕至焉,故非有志者不能至也。”
王安石《游褒禅山记》

这是《计算机程序的构造和解释》(Structure and Interpretation of Computer Programs)笔记系列的第0篇
book cover

阅读全文 »
0%