One of the problems we sometimes run into checking over plugins that hackers look to be targeting is that hackers don’t always have a good understanding of what they are doing. We have seen in them trying to exploit vulnerabilities that don’t exist and trying to exploit vulnerabilities in a way that won’t ever succeed. The former issue can be caused by false or inaccurate reports of vulnerabilities released by others and the latter due to a lack of testing before trying to exploit them on other people’s websites.

Recently we had a request on this website for a file that would be located at  /wp-content/plugins/gallery-plugin/upload/php.php. That is a file that existed in older versions of the plugin Gallery by BestWebSoft. That would seem to be an attempt to exploit a claimed arbitrary file upload vulnerability in older versions of the plugin. Depending on how you define things, though, that wasn’t an arbitrary file upload vulnerability, as the extension type of the files that can be uploaded is limited to “jpeg”, “jpg”, “gif”, and “png”. In the proof of concept it shows uploading a file named “lo.php.gif”. Normally web browsers only pay attention to a file’s final extension, so even if you were to upload a file with PHP code and that file name, it wouldn’t run. [Read more]