9 May 2016

WPScan Vulnerability Database Includes Fake Vulnerability, Claims It Was Fixed

Last month there was a report of a remote code execution vulnerability in the plugin Robo Gallery; as we discussed at the time, the vulnerability didn’t actually exist (though another vulnerability did exist in the relevant code). Despite the fact that it didn’t exist and couldn’t possibly have been exploited as shown in the included proof of concept, that hasn’t stopped people from trying to exploit it. We had one attempt on our website the week after the report, and a recent thread on wordpress.org indicates that attempts are continuing to happen. Based on what requests were sent in those two situations, they were made by different people, with the second one being from someone who was less aware of the problems with the advisory, considering they sent a GET request when that couldn’t possibly work.

While doing some more looking around on this we found it is not only hackers that didn’t bother to actually look at the vulnerability report. The fake vulnerability is also listed in the WPScan Vulnerability Database, which is a database of vulnerabilities related to WordPress. That database is used in a number of plugins for alerting to vulnerable plugins. [Read more]

20 Apr 2016

A Vulnerability Being Fake Doesn’t Stop Hackers From Trying To Exploit It

The threat of websites being hacked is real, but it is also worth noting that it is easy to overstate that threat. The reality is that the vast majority of hacking attempts on websites have zero chance of being successful. For less scrupulous security companies that fact can be used to do things like making it seem like their product is protecting a website from many threats that were in fact not actually any threat to the website.

One reason this is the case is that many hackers don’t have much clue what they are doing, as an example we just ran across shows. [Read more]

12 Apr 2016

Privilege Escalation Vulnerability in Robo Gallery

While reviewing a false report of a vulnerability in the Robo Gallery plugin today we noticed the plugin actually had a privilege escalation vulnerability in the code mentioned in that other report. In version 2.0.15, and some prior versions, the function rbs_gallery_ajax_callback in the file /includes/rbs_gallery_ajax.php allows anyone logged in to WordPress to access the functions in the file /includes/extensions/rbs_create_post_ajax.php, which not all levels of users should have access to.

In version 2.0.15 an attempt was made to stop this by restricting access to the function rbs_gallery_ajax_callback to administrators using the function is_admin(). The problem with that is that the function doesn’t actually check if a user is an administrator. Instead it checks “if the Dashboard or the administration panel is attempting to be displayed”. Since it “will return true when trying to make an ajax request (both front-end and back-end requests)”, this had no impact in this situation, since it involves an ajax request. [Read more]
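To make the is_admin() point concrete, here is an added example of a hypothetical WordPress plugin AJAX handler (this is not Robo Gallery’s code, and the function, action and nonce names are invented for illustration). The first handler uses is_admin() the way the post describes, which passes for any logged-in user because every wp_ajax_* request is served through wp-admin/admin-ajax.php; the second replaces it with a capability check and a nonce check, which is the pattern the WordPress developer documentation recommends.

```php
<?php
// Added example, not the plugin's own code. Names prefixed example_ are
// assumptions made for this illustration.

// --- Weak pattern: is_admin() used as if it were a permission check ---
// is_admin() only reports whether an admin-area screen is being loaded, and
// wp-admin/admin-ajax.php counts as one. Every wp_ajax_* callback therefore
// sees is_admin() === true for any logged-in user, whatever their role.
function example_gallery_ajax_weak() {
    if ( ! is_admin() ) {
        wp_die( 'Forbidden' );
    }
    // Privileged work (for instance creating posts) would run here for any
    // authenticated user, including subscribers.
    wp_send_json_success( array( 'note' => 'ran for any logged-in user' ) );
}
add_action( 'wp_ajax_example_gallery_weak', 'example_gallery_ajax_weak' );

// --- Hardened pattern: check the capability, then the nonce ---
function example_gallery_ajax_hardened() {
    // Authorisation: does this user hold the capability the operation needs?
    // 'manage_options' is assumed here; use the narrowest capability that fits
    // the operation (e.g. 'publish_posts' if the handler creates posts).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 ); // calls wp_die()
    }
    // Intent: the request must carry a nonce issued to this user for this
    // action, so a third-party page cannot trigger it through the user's browser.
    // 'example_gallery_action' and the 'nonce' field name are assumptions.
    check_ajax_referer( 'example_gallery_action', 'nonce' ); // dies on failure

    // Privileged work now runs only for authorised, intentional requests.
    wp_send_json_success( array( 'note' => 'ran for an authorised user' ) );
}
// Register only the logged-in hook; deliberately no wp_ajax_nopriv_* variant.
add_action( 'wp_ajax_example_gallery_hardened', 'example_gallery_ajax_hardened' );

// Hand the nonce to the plugin's admin script so legitimate requests can send it.
function example_gallery_enqueue_scripts() {
    wp_enqueue_script(
        'example-gallery',
        plugins_url( 'js/example-gallery.js', __FILE__ ), // assumed script path
        array( 'jquery' ),
        '1.0',
        true
    );
    wp_localize_script( 'example-gallery', 'exampleGallery', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_gallery_action' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_gallery_enqueue_scripts' );
```

The two checks answer different questions: current_user_can() decides whether this account is allowed to perform the operation at all, and check_ajax_referer() decides whether this particular request was made deliberately from the plugin’s own page. Neither question is answered by is_admin(), so a reviewer auditing an AJAX callback should treat an is_admin() guard on its own as no guard at all.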

12 Apr 2016

When A False Vulnerability Report Leads To a Real Security Vulnerability

Today a report claiming that there was a remote code execution vulnerability in version 2.0.14 of the Robo Gallery plugin was released. With such a serious vulnerability, and one that was claimed to be in the most recent version of the plugin, we quickly started checking on the report to include the vulnerability in our service’s data. What we quickly noticed was that the claimed vulnerability didn’t actually exist, but that a less serious vulnerability in code mentioned in the false report does exist in the plugin. We have notified the developer that their apparent attempt to fix that vulnerability in the subsequently released version 2.0.15 was not successful. All of this highlights the importance of the kind of testing we do before adding vulnerabilities to our service’s data (and highlights the limited value of other services that don’t do that testing).

The threat of the claimed vulnerability is described as [Read more]