[Plugin: GRAND FlAGallery] Security Vulnerability

  • Resolved Beshoy Girgis

    (@egyptianbman)


    12 years, 5 months ago

    I have reason to believe this plugin has a security vulnerability. I have an IP targeting files in this extension with hundreds of the following in my access log:

    75.81.24.2 - - [04/Oct/2012:01:00:04 +0000] "POST /wp-content/plugins/flash-album-gallery/lib/hitcounter.php HTTP/1.1" 403 220

    I added a “deny from 75.81.24.2” in my htaccess which resulted in:

    [Thu Oct 04 01:00:04 2012] [error] [client 75.81.24.2] client denied by server configuration: PATH/wp-content/plugins/flash-album-gallery/lib/hitcounter.php, referer: https://DOMAIN/wp-content/plugins/flagallery-skins/stylishgrey/gallery.swf

    I’m not sure what the vulnerability the hacker’s script is trying to take advantage of but I thought you should know.

    https://www.ads-software.com/extend/plugins/flash-album-gallery/

Viewing 1 replies (of 1 total)
  • Plugin Author Serhii Pasyuk

    (@pasyuk)

    hitcounter.php is a script for view and rating statistic of each image.
    Every time someone view the picture in the gallery, SWF post ‘view+1’ to hitcounter.php and this script write this information to database.

Viewing 1 replies (of 1 total)
  • The topic ‘[Plugin: GRAND FlAGallery] Security Vulnerability’ is closed to new replies.