[Resolved] [Plugin: GRAND FlAGallery] Security Vulnerability
I have reason to believe this plugin has a security vulnerability. I have an IP targeting files in this extension with hundreds of the following in my access log:
184.108.40.206 - - [04/Oct/2012:01:00:04 +0000] "POST /wp-content/plugins/flash-album-gallery/lib/hitcounter.php HTTP/1.1" 403 220
I added a “deny from 220.127.116.11” in my htaccess which resulted in:
[Thu Oct 04 01:00:04 2012] [error] [client 18.104.22.168] client denied by server configuration: PATH/wp-content/plugins/flash-album-gallery/lib/hitcounter.php, referer: http://DOMAIN/wp-content/plugins/flagallery-skins/stylishgrey/gallery.swf
I’m not sure what vulnerability the hacker’s script is trying to take advantage of, but I thought you should know.
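One way to triage the two kinds of log line quoted above, added here as an example and not part of the original post or the plugin's code: it counts POSTs under the plugin path per client with their status codes (so a 200 that got through before the deny rule stands out) and pulls the referer from the matching "client denied" error-log entries. The sample lines are constructed, the client addresses come from the 192.0.2.0/24 documentation range, and the function name and threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines modelled on the two log formats quoted in the post
# (addresses are from the documentation range 192.0.2.0/24, not from the post).
ACCESS_LOG = """\
192.0.2.10 - - [04/Oct/2012:01:00:04 +0000] "POST /wp-content/plugins/flash-album-gallery/lib/hitcounter.php HTTP/1.1" 403 220
192.0.2.10 - - [04/Oct/2012:01:00:05 +0000] "POST /wp-content/plugins/flash-album-gallery/lib/hitcounter.php HTTP/1.1" 403 220
192.0.2.10 - - [04/Oct/2012:01:00:07 +0000] "POST /wp-content/plugins/flash-album-gallery/lib/hitcounter.php HTTP/1.1" 200 12
192.0.2.77 - - [04/Oct/2012:01:02:11 +0000] "GET /index.php HTTP/1.1" 200 5120
"""
ERROR_LOG = """\
[Thu Oct 04 01:00:04 2012] [error] [client 192.0.2.10] client denied by server configuration: PATH/wp-content/plugins/flash-album-gallery/lib/hitcounter.php, referer: http://DOMAIN/wp-content/plugins/flagallery-skins/stylishgrey/gallery.swf
"""

# Common Log Format: client, two ignored fields, timestamp, request line, status, size.
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')
# Apache error-log entry written when an allow/deny rule rejects a request.
ERROR_RE = re.compile(r'\[client ([^\]]+)\] client denied by server configuration: '
                      r'(\S+?)(?:, referer: (\S+))?$')
PLUGIN_PATH = "/wp-content/plugins/flash-album-gallery/"


def summarize(access_text, error_text, threshold=3):
    """Per-client status counts for POSTs under the plugin path, plus denied referers."""
    hits = defaultdict(Counter)
    for line in access_text.splitlines():
        m = ACCESS_RE.match(line)
        if m and m.group(2) == "POST" and m.group(3).startswith(PLUGIN_PATH):
            hits[m.group(1)][m.group(4)] += 1
    referers = defaultdict(set)
    for line in error_text.splitlines():
        m = ERROR_RE.search(line)
        if m and PLUGIN_PATH in m.group(2):
            referers[m.group(1)].add(m.group(3) or "-")
    # "flagged" is an assumed heuristic: total POSTs at or above the threshold.
    return {ip: {"statuses": dict(c), "referers": sorted(referers.get(ip, ())),
                 "flagged": sum(c.values()) >= threshold}
            for ip, c in hits.items()}


if __name__ == "__main__":
    for ip, info in summarize(ACCESS_LOG, ERROR_LOG).items():
        print(ip, info)
```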