
Topics - ranger1

1
Services Offered/Needed / Malware in a WordPress Plugin
« on: March 30, 2017, 09:02:40 PM »
A popular WordPress gallery plugin with more than one million active installations was recently patched to address a vulnerability exposing website databases to attack.

The NextGEN Gallery is a photo gallery management system used by professional photographers and artists to upload, sort and group galleries. It’s been downloaded more than 16 million times since it was developed in 2007.

Researchers at Sucuri on Monday disclosed what was characterized as a “severe SQL injection vulnerability.”

“This vulnerability allows an unauthenticated user to grab data from the victim’s website database, including sensitive user information,” researcher Slavco Mihajloski said. “This is quite a critical issue. If you’re using a vulnerable version of this plugin, update as soon as possible!”

Mihajloski described two conditions in which the vulnerability can be exploited: if an admin uses a NextGEN Basic TagCloud Gallery, or if the site allows contributors to submit posts to be reviewed.

“This issue existed because NextGEN Gallery allowed improperly sanitized user input in a WordPress prepared SQL query; which is basically the same as adding user input inside a raw SQL query,” Mihajloski said. “Using this attack vector, an attacker could leak hashed passwords and WordPress secret keys in certain configurations.”

Mihajloski said an attacker would need to abuse a $container_ids string in order to trigger the exploit. He could do so by either modifying the NextGEN Basic TagCloud gallery URL, or when using the tag gallery shortcode.

“With this knowledge, an unauthenticated attacker could add extra sprintf/printf directives to the SQL query and use $wpdb->prepare’s behavior to add attacker-controlled code to the executed query,” Mihajloski said.

WordPress plugins have been a source of security angst for the content management system for some time. A December research report from RIPS cofounder Hendrik Buchwald said the percentage of vulnerable plugins was high, but that this was an artifact of WordPress’ widespread adoption. Buchwald said he looked at more than 10,000 plugins with more than 500 lines of code and found that 43 percent had at least one medium-severity vulnerability. According to the research, plugins with fewer than 1,000 lines of code had next to zero vulnerabilities. While a large percentage of the internet’s sites may be built on WordPress, RIPS’ research suggests only a small percentage of the plugins used on those sites contain vulnerabilities.

Recently, WordPress platform users were face-to-face with a critical vulnerability in the core code that was patched in a recent security update in version 4.7.2. Hackers quickly capitalized, exploiting a vulnerability in the REST API endpoint to deface more than one million websites. Eventually, attackers tried to monetize these defacements, leaving behind links to rogue pharmaceutical websites trying to spam users into buying drugs or lure them into phishing scams trying to steal payment card data.

For more information go to itman50.com
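
The root cause quoted above (user input reaching the format string of a prepared query) can be seen in a small model. This is an added example, not part of the original post and not NextGEN Gallery or WordPress code: `toy_prepare` is a hypothetical stand-in for a prepare()-style helper, and the table and column names are invented.

```php
<?php
// Count printf-style conversions in a format string ("%%" is a literal percent).
function count_directives(string $template): int {
    $without_literals = str_replace('%%', '', $template);
    return preg_match_all('/%(?:\d+\$)?[-+0 ]*\d*(?:\.\d+)?[sdfF]/', $without_literals);
}

// Hypothetical prepare()-style helper: quotes %s, escapes arguments, formats.
// addslashes() is only a stand-in for real SQL escaping in this model.
// It refuses to run when the template asks for a different number of values
// than the caller supplied, the symptom of input having reached the template.
function toy_prepare(string $template, array $args): string {
    if (count_directives($template) !== count($args)) {
        throw new InvalidArgumentException('placeholder/argument count mismatch');
    }
    $template = preg_replace('/(?<!%)%s/', "'%s'", $template);
    return vsprintf($template, array_map('addslashes', $args));
}

// Unsafe shape: the tag is spliced into the format string before prepare,
// so any "%s" or "%d" in the tag becomes a directive of the query itself.
function unsafe_template(string $tag): string {
    return "SELECT id FROM gallery WHERE tag = '" . addslashes($tag) . "' AND owner = %d";
}

// Safe shape: the template is a constant; the tag travels only as an argument.
const SAFE_TEMPLATE = 'SELECT id FROM gallery WHERE tag = %s AND owner = %d';

$tag   = '50%s off';  // constructed sample input containing a format directive
$owner = 7;           // constructed sample value

// The developer wrote one directive; the input silently adds a second one.
echo 'directives, plain tag:   ', count_directives(unsafe_template('sunset')), "\n";
echo 'directives, crafted tag: ', count_directives(unsafe_template($tag)), "\n";

try {
    toy_prepare(unsafe_template($tag), [$owner]);
} catch (InvalidArgumentException $e) {
    echo 'unsafe shape rejected: ', $e->getMessage(), "\n";
}

// Passed as an argument, the same text stays inert data inside the quotes.
echo toy_prepare(SAFE_TEMPLATE, [$tag, $owner]), "\n";
```

When auditing plugin code, the pattern to look for is any variable concatenated or interpolated into the first argument of a prepare call rather than passed after it.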

2
New Member Intros / Surgery I had
« on: October 25, 2015, 09:41:34 AM »
This is Ranger1. I was going to tell everyone that I had surgery on my spine and spleen. I had a 250lb tree fall on my back, and it knocked me out. This happened at the end of July, but I just came home from the VA. I am doing alright. God really helped me, and to all my friends here, I just wanted to let you know how I am doing.

Now I am going to be laid up for a while, Thank God I have my Laptop in my room at home. I am ready to start making the income now. I have to go through therapy and that so please pray that my recovery will be well.

Thanks to all my forum family.
Bernie

3
Product Requests / New Product Request and a question
« on: June 11, 2015, 09:51:21 PM »
Hello everyone, I was wondering, Mark, if you can take a look at a product that I did not see on the Gold member site. The URL is http://listbuildersjv.com/AffiliateArmyDS/ and it is called the Affiliate Army Script. And I was wondering also, can you do a download script on WP? I found this in my email and I think it would be great for it to be on the membership site.

Thanks
Blessings
Bernie :angel4:

4
Product Requests / Is there a Submission software we can get
« on: February 23, 2015, 01:36:10 PM »
Hello everyone, I just would like to know if there is a website submission software that can be put in the Membership. I see a link submitter for directories; is there one for search engines?

Thank you
Ranger1

5
Questions About Latest Products / Need help on the CB Goliath
« on: February 18, 2015, 11:48:00 AM »
Hello all, I need help on the CB Goliath for WordPress. What kind of name do I give it in the Description? :idea: If anyone has an idea, please let me know. I am a little *duh*

Thank you
Ranger1

6
Off Topic Forum / Computer and Software Problems
« on: February 15, 2015, 12:23:36 PM »
Hello, Ranger1 here. I am posting here to tell anyone: if you have computer problems or software problems, you can post them here and I will be able to help, and on the software, any questions on Windows software, let me know. I am Microsoft Certified and Adobe. And if you have major problems I can help via internet with TeamViewer.

Thank you
Ranger1

7
Feedback Requests / Free E-Book Software that is online
« on: February 15, 2015, 01:19:30 AM »
Hello everyone, this is Ranger1 and I have some good news about a free E-Book Cover software that is free to use. You can go to http://3d-pack.com/

8
Marketing Talk / I am new to the Forum
« on: February 13, 2015, 11:57:17 AM »
Hello everyone, I am Ranger1 and I am new to the forum. I use ranger1 because I was an Army Ranger for 20+ years, and now I am going back to internet marketing. If anyone has any tips for this old school marketer, please let me know, and can you tell me how to put an avatar on the page?

Thank you
