• Skip to content
  • Skip to primary sidebar

Information Security Expert Blog

Dr. Ali Jahangiri

Vulnerability

WordPress NextGEN Gallery Plugin; Directory Browsing Vulnerability

January 30, 2012 By Ali Jahangiri

I came across this vulnerability at the weekend. The vulnerubility has been reportd to US-Cert and the author of the plugin.

Over View:
NextGEN Gallery plugin for WordPress allows remote directory browsing and unauthorized access to the gallery contents.

Description:
NextGEN Gallery plugin for WordPress does not prevent directory browsing and allows remote attackers to access the galleries and image files directly via HTTP requests. This issue may lead to unauthorized access to the private images or galleries which are not publicly available on the WordPress site/blog.

Exploit Syntax:
The image galleries can be accessed directly via HTTP request: http://www.website.com/wp-content/gallery/

Search engines such as Google can help attackers locate vulnerable websites by searching for the following phrase:

inurl:”/wp-content/gallery/”

Currently, Google returns more than 6 million websites in its search result for the above search phrase.

Impacts:

  1. Unauthorized access to data and files.
  2. Privacy issues due to search engine indexing and archiving.

Solutions:

  1. Add the following lines to WordPress .htaccess to prevent directory browsing:
    # Disable Directory Browsing
    Options All -Indexes
  2. Create an empty file with the name of index.html or index.php and save it in http://www.website.com/wp-content/gallery/ or your gallery folder.
  3. Use Disable Directory Listings plugin, http://wordpress.org/extend/plugins/disable-directory-listings/ (This solution has been provided by NextGEN Gallery author).

Vendor Information:

  1. http://WordPress.org/extend/plugins/nextgen-gallery/
  2. http://alexrabe.de/WordPress-plugins/nextgen-gallery/

Product Details:

  1. NextGEN Gallery
  2. Version: 1.9.2 – 1.9.3
  3. Last update: Jan 17, 2012

Update: This issue did not fix in version 1.9.3

Filed Under: Vulnerability Tagged With: Directory Browsing Vulnerability, NextGEN Gallery, Vulnerability, wordpress

Apple is In Top Ten Vendors with Most Vulnerabilities

July 19, 2010 By Ali Jahangiri

Vulnerability scanner software and appliances are popular in information security communities. They are known for their ease of use by those who are looking for an automated solution to test computer networks and systems. However, I personally do not recommend them as the ultimate solution for security assessment or penetration testing. The design of these tools are based on known vulnerabilities and theoretical knowledge.

I always recommend practical knowledge rather than theory. I always ask my students and colleagues to develop their knowledge in a way that their knowledge becomes their best tool. However, today I want to call on companies and professionals to develop vulnerability assessment tools and solutions for Apple devices and the Mac OS X operating system.

Although, Mac OS X is based on UNIX combined with Apple’s customized graphical user interface (which has also been further customized for iOS, iPhone, iPod and iPad), this UNIX is far from its origin.  Furthermore, the growing number of customers which use Apple devices and the different versions of Mac OS, has changed the market trend and Apple’s market share.

Moreover,  third party applications for Mac OS X and particularly iOS are not tested for security related issues or vulnerabilities. Prior to their publication, these applications are usually just tested with an antivirus application to check for any known viruses or malicious codes.

Although, Apple provides resources on its website for secure coding, this is not enough. It is now necessary, more than ever, for other companies and professionals to develop new tools, frameworks and testing procedures for Mac OS X and Apple devices.

With reference to the Secunia Half Year Report 2010, Apple has now taken the first place in the list of top ten vendors with the most vulnerabilities. In second and third places are Oracle and Microsoft.

Filed Under: Apple, Opinion, Penetration Test, Vulnerability Tagged With: Apple OS x, iPAD, iPhone, Leopard, Vulnerability

Primary Sidebar

Recent Posts

  • Simple PHP Shell Script
  • MasterCard Australia: Untrusted SSL Certificate
  • How to Test Snort with Penetration Testing Tools
  • WordPress NextGEN Gallery Plugin; Directory Browsing Vulnerability
  • Koobface Gangs Investigative Report

Archives

Categories

Links

  • My Facebook Page
  • My Website
  • Privacy

RSS From LiveHacking.com

  • Nmap 7 Released!
  • Apple fixes security vulnerabilities in Safari, OS X, iOS and Apple TV
  • The OpenSSL project releases new versions of its software to squash 12 security vulnerabilities
  • FREAK vulnerability weakens secure Web sites
  • WP-Slimstat vulnerability exposes WordPress websites to SQL injection attacks
  • Google backpedals on its arbitrary vulnerability disclosure policy
  • Cross Site Scripting vulnerability found in IE 11
  • Apple updates iOS, OS X and Apple TV in monster patch release
  • Google discloses three more zero-day vulnerabilities, this time for OS X
  • Microsoft to fix Windows vulnerability that Google publicly disclosed last week

. Copyright 2007 - 2013 Information Security Expert Blog . All Rights Reserved .