Slashdot Mirror


Severe SQL Injection Flaw Discovered In WordPress Plugin With Over 1 Million Installs (bleepingcomputer.com)

According to BleepingComputer, "A WordPress plugin installed on over one million sites has just fixed a severe SQL injection vulnerability that can allow attackers to steal data from a website's database." The plugin is NextGEN Gallery, which is popular enough to have spawned its own set of add-on plugins. From the report: According to web security firm Sucuri, who discovered the NextGEN Gallery security issues, the first attack scenario can happen if a WordPress site owner activates the NextGEN Basic TagCloud Gallery option on his site. This feature allows site owners to display image galleries that users can navigate via tags. Clicking one of these tags alters the site's URL as the user navigates through photos. Sucuri says that an attacker can modify link parameters and insert SQL queries that will be executed by the plugin when the attacker loads the malformed URL. This happens due to improper input sanitization in the URL parameters, a common problem with many WordPress and non-WordPress web applications. The second exploitation scenario can happen if website owners open their site for blog post submissions. Because attackers can create accounts on the site and submit a blog post/article for review, they can also insert malformed NextGEN Gallery shortcodes. Sucuri says the plugin's authors fixed this flaw in NextGEN Gallery 2.1.79.

6 of 61 comments

  1. Jesus wept by JustAnotherOldGuy · · Score: 4, Insightful

    "...This happens due to improper input sanitization in the URL parameters"

    Not this shit again. Look kids, use parameterized queries (prepared statements) or a decent sanitizer library (there are several available that are actually very good).

    To get hacked because of poor sanitizing of inputs is downright embarrassing in this day and age.

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:Jesus wept by StormReaver · · Score: 2

      "I find parameterized queries a pain to test and troubleshoot on some platforms...."

      You need more training before you write anything that uses a database. Parameterized queries in PHP are easier to use and read than inline SQL, and it is trivially easy to see the actual SQL the RDBMS is using.

      "Maybe I'm doing it wrong, but I'm disappointed with them."

      If your statement is a true reflection of your opinion of parameterized queries, then: yes, you are doing it wrong.

  2. Obligatory xkcd by OhSoLaMeow · · Score: 3, Funny
    --
    They can take my LifeAlert pendant when they pry it from my cold dead fingers.
  3. Re:Not Wordpress!! by Tablizer · · Score: 2

    Yah, toldja to use SharePoint. *head duck*

  4. Re:Sanitizing Untrusted Input by Frosty+Piss · · Score: 3, Insightful

    "I'm also glad I don't use PHP"

    There is crap written in EVERY language, and variations of C are certainly not immune to this. I can write code that accepts unsanitized input in any language you choose.

    --
    If you want news from today, you have to come back tomorrow.