WordPress NextGEN Gallery Plugin; Directory Browsing Vulnerability

I came across this vulnerability at the weekend. The vulnerability has been reported to US-CERT and to the author of the plugin.

Overview:
The NextGEN Gallery plugin for WordPress allows remote directory browsing and therefore unauthorized access to the gallery contents.

Description:
The NextGEN Gallery plugin for WordPress does not prevent directory browsing, so remote attackers can access the galleries and image files directly via HTTP requests. This can lead to unauthorized access to private images or galleries that are not meant to be publicly available on the WordPress site/blog.

Exploit Syntax:
The image galleries can be accessed directly via HTTP request: http://www.website.com/wp-content/gallery/

Search engines such as Google can help attackers locate vulnerable websites by searching for the following phrase:

inurl:"/wp-content/gallery/"

Currently, Google returns more than 6 million websites in its search result for the above search phrase.

Impacts:

  1. Unauthorized access to data and files.
  2. Privacy issues due to search engine indexing and archiving.

Solutions:

  1. Add the following lines to the WordPress .htaccess file to prevent directory browsing:
    # Disable Directory Browsing
    Options All -Indexes
  2. Create an empty file named index.html or index.php and save it in http://www.website.com/wp-content/gallery/ (or whichever folder holds your galleries). With an index file present, the web server serves it instead of generating a listing.
  3. Use the Disable Directory Listings plugin, http://wordpress.org/extend/plugins/disable-directory-listings/ (this solution was suggested by the NextGEN Gallery author).
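The following is an added hardening helper illustrating solutions 1 and 2 above; it is not part of the advisory or of the NextGEN Gallery plugin. It walks a gallery root, reports every directory that has no index.html/index.php (i.e. one that an Apache server with Indexes enabled would list), drops an empty index.html into each, and checks or appends the "Options All -Indexes" directive in .htaccess. The sample webroot it builds is constructed in a temporary directory so the script runs offline; the directory names in it are made up.

```python
import os
import tempfile
from pathlib import Path

# Index file names Apache will serve instead of generating a directory listing
# (DirectoryIndex defaults cover both on a typical WordPress host).
INDEX_NAMES = ("index.html", "index.php")
HTACCESS_DIRECTIVE = "Options All -Indexes"


def unprotected_dirs(root):
    """Return every directory under root (inclusive) that lacks an index file."""
    missing = []
    for dirpath, _dirnames, filenames in os.walk(Path(root)):
        if not any(name in filenames for name in INDEX_NAMES):
            missing.append(Path(dirpath))
    return sorted(missing)


def add_index_files(root):
    """Solution 2: create an empty index.html in each unprotected directory."""
    created = []
    for directory in unprotected_dirs(root):
        target = directory / "index.html"
        target.write_text("")  # empty on purpose: nothing to render, nothing to leak
        created.append(target)
    return created


def htaccess_disables_indexes(htaccess_path):
    """True if .htaccess already carries an active Options line with -Indexes."""
    path = Path(htaccess_path)
    if not path.exists():
        return False
    for line in path.read_text().splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # comments and blank lines are not directives
        parts = stripped.split()
        if parts[0].lower() == "options" and any(
            p.lower() == "-indexes" for p in parts[1:]
        ):
            return True
    return False


def ensure_htaccess(htaccess_path):
    """Solution 1: append the directive unless it is already present.

    Returns True if the file was modified, False if it was already hardened.
    """
    path = Path(htaccess_path)
    if htaccess_disables_indexes(path):
        return False
    with path.open("a") as fh:
        fh.write("\n# Disable Directory Browsing\n" + HTACCESS_DIRECTIVE + "\n")
    return True


def build_sample_site():
    """Constructed sample webroot for a dry run (hypothetical layout, not a real site)."""
    root = Path(tempfile.mkdtemp(prefix="wp-sample-"))
    gallery = root / "wp-content" / "gallery"
    (gallery / "holiday").mkdir(parents=True)
    (gallery / "private" / "thumbs").mkdir(parents=True)
    (gallery / "holiday" / "img1.jpg").write_bytes(b"\xff\xd8")  # fake JPEG header
    (gallery / "private" / "index.php").write_text("<?php // silence is golden\n")
    return root


if __name__ == "__main__":
    site = build_sample_site()
    gallery_root = site / "wp-content" / "gallery"
    print("listable before:", [str(d.relative_to(site)) for d in unprotected_dirs(gallery_root)])
    add_index_files(gallery_root)
    print("listable after: ", unprotected_dirs(gallery_root))
    print(".htaccess changed:", ensure_htaccess(site / ".htaccess"))
```

Run it against a real WordPress root by replacing the constructed sample with the actual wp-content/gallery path; the .htaccess check is deliberately conservative and only recognises an explicit Options line, so a server-level httpd.conf that already disables Indexes will still be reported as unhardened.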

Vendor Information:

  1. http://WordPress.org/extend/plugins/nextgen-gallery/
  2. http://alexrabe.de/WordPress-plugins/nextgen-gallery/

Product Details:

  1. NextGEN Gallery
  2. Version: 1.9.2
  3. Last update: Jan 17, 2012

Koobface Gangs Investigative Report

Sophos has published details, on its Naked Security blog, of an investigative report about the Koobface gang, who infected thousands of PCs with malware via Facebook and, according to the New York Times, made millions of dollars in doing so.

The investigation was carried out by Jan Drömer, an independent researcher, and Dirk Kollberg from SophosLabs between October 2009 and February 2010.

The report is informative and useful for those interested in cyber forensic investigation. The investigation started by identifying the command and control server; analysis of that server led to a script which contained the suspects' phone numbers. Additional information was recovered from the various user names used on the server. The full evidence is now in the hands of law enforcement agencies.

Cloud Storage and its Security Implications

Instant messaging (IM) programs such as Yahoo Messenger, Google Talk and ICQ have been a challenge for IT security professionals for many years. Personally, I have dealt with IM and P2P file-sharing security issues in many different environments, from educational institutions to large corporations. I have tried to control them using different security appliances and solutions, including Microsoft ISA Server and Cisco PIX, along with security awareness training for staff.

However, in terms of security issues, IM and P2P file-sharing programs are being superseded by cloud drive utilities such as DropBox and CloudMe Easy Upload. Cloud storage is being used to overcome email attachment size limits and to make file sharing easier. This type of application, however, introduces new problems for information security professionals.

Paul Asadoorian, on the Tenable Network Security blog, has written an interesting article about cloud storage security issues in corporate networks. He discusses the challenges and offers a solution in the form of a new plugin for Tenable's Nessus vulnerability scanner which can detect DropBox on Microsoft Windows and OS X.

Live Hacking V1.3

I am pleased to announce an updated version of Live Hacking's free Linux distribution designed for penetration testing and ethical hacking. V1.3 updates over 140 packages, including Metasploit and Firefox.

New in this release is Metasploit Framework 3.6 which now comes with post-exploitation modules that can be run on exploited systems to perform actions such as gathering additional information, pivoting to other networks and elevating system privileges.

The Live Hacking Linux distribution is a 'Live DVD' which boots directly from the DVD and doesn't need to be installed on your computer. You can read more about this release here and grab a copy here.

Hacker Creates Modified Symbian S60 Firmware with Hidden Back Door

Professional security researcher, hacker and MalCon speaker Atul Alex has analyzed the firmware for Symbian S60 smartphones (which also run on the Nokia 5800, Nokia X6, Nokia 5530XM, Sony Ericsson Satio and Sony Ericsson Vivaz) and created a modified firmware with a back door. The back door allows a third party to record telephone calls and to download emails, contact lists and text messages from the phone's memory.

Read the full story here.

New Variant of GpCode Back – Still Demanding Ransom Money to Free Your Data

A new variant of the troublesome and harmful GpCode trojan has been detected by Kaspersky Lab. Tagged as Trojan-Ransom.Win32.GpCode.ax, this trojan, which spreads via malicious websites and P2P networks, encrypts files on the infected computer and then demands money to decrypt them. Such trojans are known as ransomware; the study of this class of malware is called cryptovirology.

Read the full story here.