SQL Injection Vulnerability in NextGEN Gallery for WordPress

As part of a vulnerability research project, Sucuri have been auditing multiple open source projects looking for security issues. While working on the WordPress plugin NextGEN Gallery, they discovered a severe SQL Injection vulnerability. This vulnerability allows an unauthenticated user to grab data from the victim’s website database, including sensitive user information.

This vulnerability can be exploited by attackers in at least two different scenarios:

  1. If you use a NextGEN Basic TagCloud Gallery on your site, or
  2. If you allow your users to submit posts to be reviewed (contributors).

This issue existed because NextGEN Gallery placed improperly sanitized user input in a WordPress prepared SQL query, which is essentially the same as adding user input to a raw SQL query.

Using this attack vector, an attacker could leak hashed passwords and WordPress secret keys in certain configurations.

Technical Details

The golden rule is “never trust the input”. It leads to better security and safer customers.

In every scenario the developer must ask a few simple questions:

  • Is this input safe enough?
  • Is it sanitized?
  • Do we follow any framework-specific rules and best practices?

WordPress uses the PHP vsprintf function to prepare SQL statements in $wpdb->prepare(), which means that the SQL statement is a format string and the input values are its arguments.

The conclusion is that it’s never a good idea to put user input into the format string, because it may not be sanitized against characters that form valid sprintf/printf directives.
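To make the format-string point concrete, here is an added example (not code from the advisory or from the plugin) using a simplified stand-in for $wpdb->prepare() that mirrors its mechanism: the first argument goes to vsprintf(), and only the arguments are escaped and quoted. The prepare_stub() function and the sample input are constructed for this illustration.

```php
<?php
// Simplified stand-in for WordPress' $wpdb->prepare(): this is NOT the real
// wpdb code, but it reproduces the relevant mechanism. The query is a
// vsprintf() format string; %s becomes a quoted, escaped argument.
function prepare_stub(string $query, ...$args): string {
    // Quote every %s placeholder, like wpdb does, then escape the arguments.
    $query   = preg_replace('/(?<!%)%s/', "'%s'", $query);
    $escaped = array_map(
        fn($a) => is_int($a) ? $a : addslashes((string) $a),
        $args
    );
    return vsprintf($query, $escaped);
}

// Constructed sample input containing both a quote and a percent sign.
$user_tag = "O'Reilly, 100% sure";

// Safe: the input travels as an argument. The quote is escaped and the
// percent sign is copied verbatim, never parsed as a directive.
$safe = prepare_stub("SELECT * FROM wp_terms WHERE name = %s", $user_tag);
echo $safe, "\n";
// SELECT * FROM wp_terms WHERE name = 'O\'Reilly, 100% sure'

// Unsafe (the pattern the advisory describes): the input is interpolated
// into the format string before vsprintf() runs, so "% s" inside the value
// is parsed as a directive that has no matching argument.
try {
    $unsafe = prepare_stub("SELECT * FROM wp_terms WHERE name = '$user_tag'");
    echo $unsafe, "\n";
} catch (\ValueError $e) {
    // PHP 8 throws here; PHP 7 emits a warning and returns false instead.
    echo "format string rejected: ", $e->getMessage(), "\n";
}
```

The takeaway is that the correct call shape is the same as the real API: placeholders in the format string, every user-controlled value passed as an argument.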

More information here: SQL Injection Vulnerability in NextGEN Gallery for WordPress

The December 2016 WordPress Attack Activity Report – Wordfence

Wordfence published today an interesting report: the WordPress Attack Activity Report.

This new kind of report shows the attack data for the previous month, from the 1st to the end of the month, and provides an analysis of the attack activity targeting WordPress websites.

The report includes a table that lists the most active attack IPs for December 2016. Ukraine still holds the top spot and dominates the report: out of the top 25 IPs, 13 are based in Ukraine.

Enjoy the rest of the report here: https://www.wordfence.com/blog/2017/01/december-2016-wordpress-attack-activity-report/

typewolf.com

WHAT’S TRENDING IN TYPE

Typewolf is the absolute best resource available for everything related to typography on the web.

Typewolf is an independent site that features typefaces from all type foundries regardless of where the fonts can be purchased.

Critical Vulnerability in PHPMailer. Affects WP Core

A critical remote code execution vulnerability in PHPMailer has been discovered by Polish researcher Dawid Golunski.

The vulnerability was announced on legalhackers.com yesterday but proof of concept exploit details were not included.

Unfortunately someone posted a proof of concept to exploit-db and to github demonstrating how the vulnerability can be exploited in the PHPMailer library, but not targeting any web application that is in use.

Source: https://www.wordfence.com/blog/2016/12/phpmailer-vulnerability/

December update of Adobe Experience Design CC

What’s new for XD on mobile?

  • Browse and open XD documents saved in Creative Cloud Files
  • View XD documents even when you’re offline
  • Browse all artboards in an XD document
  • Turn hotspot hints on or off
  • Share the current screen as an image

Read it here: December update of Adobe Experience Design CC

This month’s big news is that the first public beta for Adobe XD for Windows 10 is ready for you. More here: Windows release.