Yesterday we came across a new MasterCard hack, performed by Syrian Electronic Army. Hackers was able to breach MasterCard Blog (https://insights.mastercard.com) and make a new blog post on the website with title “Hacked By Syrian Electronic Army” on January 5, 2013.
For now MasterCard deleted that post, but readers can check Google cache. Today we tried to contact the hacker, but may be they are busy in Hacking Next Target , I started my investigation that how they can hack such a big economic website’s blog.
Starting from very first step, Information gathering about your target. Simple by reviewing the source code we found that MasterCard blog is using WordPress. We all know, WordPress is particular a popular attack vector for cyber criminals.
To know this, I just tried to access the readme.html file of CMS , that’s it – MasterCard #fail ! They are using an old WordPress 3.3.2 version, instead of the current version 3.5 and Proudly vulnerable to many flaws like Cross Site scripting, File upload vulnerability, Cross-site request forgery (CSRF) etc.
As far I know, There is a good Cross-site request forgery (CSRF) exploit available on internet for WordPress 3.3.2 Cross-site request forgery, that allow attacker to add a new admin user, using bit of social engineering with administrator.
Possibly Hacker may use any one of these vulnerability to hack MasterCard blog. WordPress and its plug-ins are always primary attack vectors for many attacks. You should always be using the latest version of your software, especially if you’re a major company that is often targeted by hackers.
If you’re also not using the latest version of WordPress, you should upgrade immediately.
Original post at –thehackernews
Thanks for reading. hope it might helped you.
A security researcher is warning WordPress uses that a popular plugin may leave sensitive information from their blog accessible from the public Internet with little more than a Google search.
The researcher, Jason A. Donenfeld, who uses the handle “zx2c4” posted a notice about the add-on, W3 Total Cache on the Full Disclosure security mailing list on Sunday, warning that many WordPress users that had added the plugin had directories of cached content that could be browsed by anyone with a web browser and knowledge of where to look. The content of those directories could be downloaded, including directories containing sensitive data like password hashes, Donenfeld wrote.
W3 Total Cache is described as a “performance framework” that speeds up web sites that use the WordPress content management system by caching site content, speeding up page loads, downloads and the like. The plugin has been downloaded 1.39 million times and is used by sites including mashable.com andsmashingmagazine.com, according to the WordPress web site.
Simply installing W3 Total Cache from within WordPress appears to leave potentially sensitive data exposed, Donenfeld discovered. Among other things, a cache directory listing feature is enabled on the cache directory, which stores cached content. That means “anyone could easily recursively download all the database cache keys and extract ones containing sensitive information, such as password hashes,” he wrote.
“A cache is something that is supposed to be read by web applications and not users,” Donenfeld told Security Ledger.
Sites with exposed cache directories are also discoverable using a simple Google search, Donenfeld said.
Even with directory listings off, cache files are still publicly downloadable by default with W3 Total Cache. Yes, a hacker (or snooper) would need to know the key values and file names of the cache items, but Donenfeld said both are “easily predictable.”
Donenfeld developed a proof-of-concept exploit for the hole that allows a would-be attacker to try to attempt to glean password hashes from blogs running W3 Total Cache using a brute force attack to guess possible W3 Total Cache keys using different user- and site ID combinations.
A quick search revealed a number of web sites that are running the W3 Total Cache plugin that have publicly accessible directories of cached content. They include Triton Submarines, a maker of manned submersibles and the Family Policy Network, a U.S. based conservative Christian group that says its mission is to confront “immorality” in the public square and educate Christians “on important moral issues in public and corporate policy.”
Still, Donenfeld said the security holes are probably better classified as “configuration errors” than vulnerabilities – enabling risky features by default, and giving users too few ways to securely configure the plug-in. In a subsequent post on Full Disclosure, he said that W3 Edge, the company that makes W3 Total Cache, plans an update to correct the issues he had identified.
In the meantime, W3 Total Cache users can remediate the vulnerability by disabling the “database cache” and “object cache” options, and flush any existing caches created with W3 Total Cache.
WordPress is a widely used blogging and content management platform. As a result, it is frequently the target of attacks designed to compromise a large number of web sites. Most recently, The SANS Institute warned of widespread and apparently automated attacks against both WordPress and the Joomla CMS that were being used by cyber criminals to direct unwitting web surfers to sites serving up rogue antivirus and other malicious software. And, last week, a Russian researcher warned of a large scale spam campaign that leveraged compromised WordPress blogs to promote sites controlled by spammers and their customers.
Original post at securityledger.com
Thanks for reading. hope it might helped you.