Security Audit

Our Web Application Pentest ( WAP) attempts to address the Owasp top 10 & SANS top 20 web application vulnerabilities and other exploitable loopholes of your web application . Along with it our WAP team also test web applications for Business logic flaws that can directly or indirectly effect the functioning of application.

Trainings

We are here to help you solve your biggest query- where and how to start? CDI has brought various courses in Ethical Hacking in Chandigarh where all you technology lovers will be given the much needed push to move forward and create a niche for yourself in the field. From Beginner to Expert level we have many kinds of training patterns.

Call Us : +91-771045-0011 | +91-771045-0022

NextGEN Gallery WordPress Plugin is Vulnerable- Millions of Websites Are At Risk

 

 

The “NextGEN Gallery” plugin is the fifth most famous plugin of WordPress. According to Wikipedia, till July 2016 this plugin had been installed by 15 million users. The number of current users could be very high. The “NextGEN Gallery” is an open source image management plugin. The web admins are using this plugin to manage image media of their websites. Millions of websites are at risk because this “NextGEN Gallery” plugin is vulnerable to a critical SQL Injection flaw. This vulnerability has been discovered by the security experts of “Sucuri”. 

 

How does This Vulnerability work?

According to the security experts of Sucuri, when they were reviewing the source code of this “NextGEN Gallery” they noticed that the values of “$container_ids” string were not properly sanitized and it was created from tag input. This method can protect the plugin from “SQL Injection” but an attacker can still inject an arbitrary code string into the plugin. The arbitrary codes could create issues with the abstraction prepare() method of WordPress database. This could allow an attacker to control the database of a WordPress website. This security issue has been fixed by the development team and a new version 2.1.79 of “NextGEN Gallery” plugin is now available. If you are using this image management plugin, please update it as soon as possible.

 

What Can Hackers Do By Exploiting This Vulnerability?

  • The hackers could exploit this vulnerability to get the access of website’s backend.
  • By using some malicious codes, hackers could exploit this vulnerability to steal sensitive data from the database.
  • Hackers could also steal secret keys and passwords.

 

Enroll For: CDI-CWSE (Certified Web Security Expert), Batch Starts on 27-March-2017

 

Hackers Could Exploit This Vulnerability in Two Different Ways

The security experts said that an attacker can exploit this vulnerability in two different scenarios:

  1. If the web admin is allowing all the users to submit posts to the photos, then an attacker can inject malicious SQL queries through shortcodes.
  2. If the web admins are using NextGEN Basic TagCloud Gallery, then it is possible for an attacker to inject SQL queries by modifying URL of the photo gallery.

 

The security experts of Sucuri further explained that an attacker can inject following type of payloads to exploit $wpdb->prepare:

http://target.url/2017/01/17/new-one/nggallery/tags/test%251%24%25s))%20or%201=1%23

http://target.url/2017/01/17/new-one/nggallery/tags/test%251%24%25s))%20or%201=2%23

 

Conclusion

The famous “NextGEN Gallery” WordPress plugin is vulnerable to SQL Injection attack. If you are using this plugin, update it to its latest version as soon as possible. In December 2016, the security researchers of RIPS technologies also published a report to warn people that 8800 plugins of WordPress out of 45000 were vulnerable to major cyber attacks including XSS and SQL Injection. This vulnerability of NextGEN Gallery plugin has not been exploited by hackers in wild this time, but it could happen very soon. Don’t be lazy, update the plugin ASAP.

 

Source: securityaffairs.co

Also Read: 

Out of 45000 Total WordPress Plugins, 8800 Are Vulnerable

Adwind RAT is Back, Infected 1500 Organizations Worldwide

Singapore- Government System Hacked, Information Stolen By Bad Actors

Leave a Reply

Name
Email id
Contact No
Comment

See more of Cyber Intelligence by logging in.
Connect with cyber security experts,Discover job opportunities,Online Training, Information Security Advisory and lot more.