Comments on: Please update MyGallery Plugin

By: xTown.net » Hackergeschmeiss » Von CRen » Schadensbegrenzung, Schuldige gefunden, NACHTRAG, Und, Bilder, Sackgesichter, Schuldige, Hacker, Blog-System, Gelegenheit, Ordner, Berechtigungen, Angriffe, myGallery

Thu, 28 Jun 2007 20:47:50 +0000

[...] die Fehler, die für die Angriffe gesorgt haben: Programmierfehler in den Plugins Wordtube und myGallery. Wer diese verwendet, sollte schleunigst auf die aktuellste Version [...]

By: WordPress Wednesday News: Almost 1 Million WordPress.com Blogs, Over 4 Million Themes Downloaded, and You Want More News? at The Blog Herald

Wed, 02 May 2007 22:18:19 +0000

[...] the MyGallery WordPress Plugin: Weblog Tools Collection warns that if you are using the MyGallery Plugin for Wordpress, update it immediately. A vulnerability [...]

By: Wordpress-Exploits | NERD an der COSTA BLANCA

Wordpress-Exploits | NERD an der COSTA BLANCA — Wed, 02 May 2007 05:11:33 +0000

[...] Ã¤uÃŸert sich unter dazu und verweist gleich noch auf einen schon ein paar alte Tage alten Hack von myGallery. Der Exploit befindet sich ebenfalls auf milw0rm ( http://www.milw0rm.com/exploits/3814 ). Allen [...]

By: ttancm

ttancm — Wed, 02 May 2007 01:18:02 +0000

mute = moot =P

By: ttancm

ttancm — Wed, 02 May 2007 00:47:53 +0000

Mark,
Definitely understandable, sort of mute anyway since as far as I can tell the exploit lets them do pretty much anything they want.

By: Alex Rabe

Alex Rabe — Tue, 01 May 2007 21:29:02 +0000

Please update also wordTube,wp-table and myFlash. I have a similar problem in this plugins. All versions at wordpress.org and on my homepage are now safe… Sorry for the problems.

By: BIG security issue ! at alex.rabe

BIG security issue ! at alex.rabe — Tue, 01 May 2007 18:24:20 +0000

[...] http://weblogtoolscollection.c.....ry-plugin/ [...]

By: John Bollwitt

John Bollwitt — Tue, 01 May 2007 16:24:24 +0000

Thanks for this heads up! One of my sites, radiozoom.net, went down after a mygallery problem showed up. Couldn’t even get into the front page. I removed the plugin physcally in case this was the problem, and apparently it was. Will update ASAP.

By: Mark

Mark — Tue, 01 May 2007 12:54:32 +0000

ttancm, I tried to stay away from describing the vulnerability here. Just search on google for myplugin vulnerability and you should find lots of resources.

By: ttancm

ttancm — Tue, 01 May 2007 11:39:41 +0000

BTW, any details on this vulnerability? Anything in particular we should look for to make sure our sites weren’t compromised?

(I don’t need details on how to carry out the exploit, just what type of behavior the vulnerability allows)

By: ttancm

ttancm — Tue, 01 May 2007 11:31:59 +0000

Thanks for the tip!

Nice since I didn’t get anything from the plugin author although I am subscribed to the comments on his main plugin description…

By: Nick

Nick — Tue, 01 May 2007 09:21:09 +0000

I’d recommend people subscribe to the Milw0rm rss of latest exploits, even if people aren’t interested in hackin/security stuff, It’s a good way of getting a heads up on what the script kiddies are going to target next. The my gallery exploit was posed a couple of days ago.

By: my fotos

my fotos — Tue, 01 May 2007 05:09:58 +0000

may gallery