MyGallery Plugin for WordPress If you are using the myGallery plugin for WordPress to display your pictures, please follow the link above and update your plugin to the latest version. A pretty serious remote code execution vulnerability in the plugin has been found and disclosed and there have been scattered reports of hack attempts.
[…] äußert sich unter dazu und verweist gleich noch auf einen schon ein paar alte Tage alten Hack von myGallery. Der Exploit befindet sich ebenfalls auf milw0rm ( http://www.milw0rm.com/exploits/3814 ). Allen […]
[…] the MyGallery WordPress Plugin: Weblog Tools Collection warns that if you are using the MyGallery Plugin for WordPress, update it immediately. A vulnerability […]
[…] die Fehler, die für die Angriffe gesorgt haben: Programmierfehler in den Plugins Wordtube und myGallery. Wer diese verwendet, sollte schleunigst auf die aktuellste Version […]
An avid fan of business, education, technology and finance. I lead a lean, highly focussed and capable team of Java Back End developers and Front End developers through a maze of complex software wizardry to fulfill the web maintenance needs of a large chemical manufacturer. As per Myers-Briggs Personality Types, I am an ESTJ. I pride in a project completed on time and according to plan. My hobbies include all kinds of technology, anything that I can taste and anything that goes fast or flies in the air. I like to read business books and comics in my spare time.
Obviously Powered by WordPress. © 2003-2013
may gallery
I’d recommend people subscribe to the Milw0rm rss of latest exploits, even if people aren’t interested in hackin/security stuff, It’s a good way of getting a heads up on what the script kiddies are going to target next. The my gallery exploit was posed a couple of days ago.
Thanks for the tip!
Nice since I didn’t get anything from the plugin author although I am subscribed to the comments on his main plugin description…
BTW, any details on this vulnerability? Anything in particular we should look for to make sure our sites weren’t compromised?
(I don’t need details on how to carry out the exploit, just what type of behavior the vulnerability allows)
ttancm, I tried to stay away from describing the vulnerability here. Just search on google for myplugin vulnerability and you should find lots of resources.
Thanks for this heads up! One of my sites, radiozoom.net, went down after a mygallery problem showed up. Couldn’t even get into the front page. I removed the plugin physcally in case this was the problem, and apparently it was. Will update ASAP.
Please update also wordTube,wp-table and myFlash. I have a similar problem in this plugins. All versions at wordpress.org and on my homepage are now safe… Sorry for the problems.
Mark,
Definitely understandable, sort of mute anyway since as far as I can tell the exploit lets them do pretty much anything they want.
mute = moot =P