
Summary

StudioLine Photo's interface has something of a Mac OS feel, and its way of storing photos is rather unusual: the user does not need to think about where a photo sits on the hard disk, but only adds folders in the program as they like, and the photos are classified automatically. Accordingly, the search function it provides is also very detailed; custom keywords are likewise searched by the logical relationships between photos.

Over the past few months, I have been monitoring the proliferation of exploits for some of my disclosed WordPress plugin and Joomla extension vulnerabilities against Akamai customers. I began this observation expecting a predictable conclusion: severe vulnerabilities such as SQL injection, RFI and LFI would receive the most attention on any CMS platform, while less severe vulnerabilities such as XSS and path disclosure would receive less attention from attackers.

The initial idea was to track three of my own disclosures after they had been published and see how much time elapsed until they were weaponized and exploitation attempts appeared in the wild. In total, I had released three previously unknown SQL injection vulnerabilities in three well-known Joomla extensions. These vulnerabilities had been remedied by the original authors before the research was published, and the disclosures appeared to go unnoticed by the black hat community.

This paper examines the time that elapses between the public disclosure of a vulnerability and the first widespread exploitation attempts we observe from adversaries.

What Happened

The three vulnerabilities, disclosed last September, are listed in the following table. Each advisory details a SQL injection vulnerability that does not require the attacker to have a login on the target's website:

Date        Description                              CVE ID
2016-09-16  Huge-IT Portfolio Gallery Plugin v1.0.6  CVE-2016-1000124
2016-09-15  Huge-IT Video Gallery v1.0.9             CVE-2016-1000123
2016-09-16  Huge-IT Catalog v1.0.7 for Joomla        CVE-2016-1000125

After nearly a year, I decided to investigate what might be causing my disclosures to be ignored. I looked at other SQL injection vulnerabilities in Joomla extensions that were turning up in Akamai's attack logs and found an obvious difference. While my advisories had permeated the usual exploit curator websites, like packetstormsecurity.org, they had not made it over to http://exploit-db.com, http://cxsecurity.org and http://0day.today. Two days after submitting all three exploits to exploit-db.com I found a hit in Akamai's logs. The attack attempt originated from an IP address belonging to a telecommunications company in North Africa. They were targeting a .mil website with the SQL injection in Huge IT portfolio v1.0.9 using SQLmap.

A second attack occurred five days later. This time the attacker targeted a Russian e-commerce site, attempting to redirect the malicious requests through a popular online auction house. The requests appeared to be looking for other injection points, since each request placed a single quote (') in a different query parameter.

It seemed that the malicious actors were using exploit-db and CXSecurity specifically as their RSS feed of vetted, working exploits. Conversely, while advisories published on packetstorm were quite relevant to the information security industry as a whole, they were not formatted into the easily consumable exploits curated by websites like exploit-db and their ilk. Not to leave the most popular CMS out of the fun, I also publicly disclosed a path traversal vulnerability in a WordPress plugin named Membership Simplified [CVE-2017-1002008]. I released the details on March 14th 2017 and began seeing entries in our logs on Saturday, March 18, 2017 at 9:00:00 PM, just four days later. This response time was in stark contrast to my Joomla extension publications.

Why are newly disclosed WordPress plugin vulnerabilities so aggressively pursued? One possible theory is that multiple open source tools and frameworks are available to scan for plugin vulnerabilities on WordPress websites. Comparable freely available tools are lacking for the Joomla platform.

It is not just the severity of the vulnerability but the proliferation of the software platform that increases its target footprint. WordPress has an enormous market share of the content management software in production on the internet. There are entire frameworks, websites and even companies focused on WordPress core and plugin security.

What about a truly severe vulnerability? Something that doesn’t require authentication and allows the attacker to change content, possibly even execute code?

Earlier this year a researcher at Sucuri, Marc Montpas, released a vulnerability affecting WordPress < 4.7.2. The vulnerability abuses a type juggling bug where any non-integer input bypasses the authentication mechanism, allowing a remote unauthenticated attacker to modify any blog post.

I started monitoring attack traffic for this specific vulnerability, via Akamai log files, immediately after it had been made public. The WordPress JSON API vulnerability was assigned CVE-ID CVE-2017-1001000. It first popped up in our attack logs on Wed, 01 Feb 2017 18:00:00 GMT, or around 1PM EST, just three hours after Sucuri made their blog post public on their site.

It took only three hours after the vulnerability went public for exploit attempts against Akamai customers to turn up in the logs. A few months later, the logs show only a few thousand attempts per day, primarily targeting government and military websites. Also, most of the log entries were generated by the customers themselves. In addition, large portions of these scans originate from security companies performing web application security assessments for said customers. The log entries that did not originate from a security company or the target's own DMZ were mostly POST requests rather than GET. I assume this is to minimize noise and attempt to bypass WAF filters, since there were many ways to deliver the JSON payload when exploiting this vulnerability.

Shortly after the disclosure by Marc and Sucuri, an article was published stating that over 1.5 million websites had been compromised using this vulnerability. Why am I not seeing the same widespread exploitation attempts against Akamai customers? The answer was simple: the majority of Akamai customers aren't running WordPress, and the attackers were using Google dorks to determine which sites were.


A Google dork is an advanced search query used to narrow Google's results. To get a quick idea of how many websites out there rely on WordPress I ran the following:

For example, searching Google for URLs that contain the string /wp-content:

inurl:/wp-content

Returns “About 280,000,000 results”.

To further my examination of these attacks, I looked at other exploits against Joomla, as it is the second most popular CMS employed by internet websites. I found that, again, SQL injection and path traversal vulnerabilities were the most popular. The top Joomla examples are listed below, but I primarily focus on WordPress because of its deep penetration into the content management ecosystem.

I discovered that, for attacks focusing on Joomla extensions, the majority of the traffic originated from Virtual Private Servers (VPS) and appeared to be legitimate attack attempts. The logs revealed the opposite for WordPress: the majority of attack attempts originated from the target's DMZ and were self-scans.

Extension          Attempts
com_rpl            465414
com_content        61078
com_virtuemart     17371
com_gcalendar      8718
com_multicalendar  8011
com_ajax           7867
com_poll           7166
com_contenthistory 6702
com_remository     6976
com_pro_desk       5768
com_jgrid          5443
com_myblog         5850
com_hsconfig       5372
com_smartsite      5356
com_picsell        5316

The com_rpl at the top of the above table is the result of an SQL injection via the pid parameter of a GET request in an extension called RealtyNA CRM (Client Relationship Management). It is designed to help Joomla-based real estate websites manage inquiries on property for sale. The associated vulnerability was disclosed on December 15th 2016 and does not require the attacker to be authenticated to the site. It should be noted that the extension is no longer actively maintained and has been pulled from Joomla's code repository. The vendor, RealtyNA, has directed Joomla users towards its new WordPress plugin.

Most of the above Joomla extensions are vulnerable to SQL injection. When automated tools like SQLmap are used, they iterate through various payload types in an attempt to build a working SQL injection exploit. This is why the numbers are much higher than in the WordPress table below: SQLi attacks are much noisier than XSS or RFI.

Besides software popularity, the type of exploit matters. For example, an "Unrestricted File Upload" vulnerability isn't going to trigger a WAF alert unless a rule was specifically written for it. A file upload vulnerability can be more severe than a path traversal vulnerability, but it is not likely to set off nearly as many alarms when it is being exploited, as it is harder to fingerprint, being an error in the code logic itself. The exploit is a normal-looking POST request void of any malicious content, unless the file payload is something obvious like the notorious c99.php web shell.

With WordPress running on 28.7% of all websites and Joomla coming in second at 3.3%, the availability of website security assessment applications follows the same trend. There are various utilities to assess the security of your WordPress and Joomla websites; a few popular ones are listed below.

Application Name  CMS        Project Page
pyfiscan          multiple   https://github.com/fgeek/pyfiscan
WPScan            WordPress  http://wpscan.org
sucuri-scanner    WordPress  https://wordpress.org/plugins/sucuri-scanner/
nmap              WordPress  https://nmap.org/nsedoc/scripts/http-wordpress-enum.html
Joomla VS         Joomla     https://github.com/rastating/joomlavs
Acunetix          Joomla     https://www.acunetix.com/blog/case-studies/joomla/

The majority of utilities out there appear to run on the command line, while some are directly integrated into your CMS installation.

The logs I collected retain attack data for 30 days, so I examined recently released and well-known vulnerabilities to study which were scanned for most over a 30-day period. I filtered out known penetration testing companies from the logs and removed entries where the connection originated from the target's own network. The Alerts field contains the number of actual payloads that were blocked by Akamai's WAF; it does not include benign probe requests from web application vulnerability scanners.

Plugin                                        Alerts
akismet                                       4588
s3bubble-amazon-s3-html-5-video-with-adverts  2227
bwp-minify                                    2050
dni_minify                                    1399
wp-ecommerce-shop-styling                     161
jetpack                                       114
ie-sitemode                                   97
google-mp3-audio-player                       93
revslider                                     80
tinymce-thumbnail-gallery                     69
wp-miniaudioplayer                            67
db-backup                                     67
dukapress                                     62
dm-albums                                     59
simple-download-button-shortcode              58
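The filtering and tallying described above (dropping requests from the target's own network and from known assessment vendors, attributing what remains to a Joomla extension or WordPress plugin, and flagging the single-quote parameter probing and non-integer REST API id values mentioned earlier), as an added example in Python. It is not part of the original article and does not reflect Akamai's log format or tooling; the log lines, the 10.0.0.0/8 "own network" range and the 198.51.100.0/24 "assessment vendor" range are constructed placeholders.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines in Apache combined log format (not real Akamai data).
SAMPLE_LOGS = """\
203.0.113.10 - - [20/Sep/2017:10:00:01 +0000] "GET /index.php?option=com_rpl&view=property&pid=1' HTTP/1.1" 403 512 "-" "sqlmap/1.1"
203.0.113.10 - - [20/Sep/2017:10:00:02 +0000] "GET /index.php?option=com_rpl&view=property&pid=1%27%20AND%201%3D1 HTTP/1.1" 403 512 "-" "sqlmap/1.1"
198.51.100.7 - - [20/Sep/2017:10:05:00 +0000] "GET /wp-content/plugins/revslider/readme.txt HTTP/1.1" 404 0 "-" "Mozilla/5.0"
10.0.5.12 - - [20/Sep/2017:10:06:00 +0000] "GET /wp-content/plugins/jetpack/class.jetpack-xmlrpc-server.php HTTP/1.1" 200 0 "-" "WPScan"
192.0.2.33 - - [20/Sep/2017:10:07:00 +0000] "POST /wp-json/wp/v2/posts/1?id=1abc HTTP/1.1" 403 0 "-" "python-requests/2.18"
192.0.2.33 - - [20/Sep/2017:10:07:05 +0000] "GET /catalog/?item=1' HTTP/1.1" 200 0 "-" "python-requests/2.18"
"""

# Placeholder ranges (assumptions): the customer's own DMZ, whose traffic is
# self-scanning, and a security assessment vendor working for the customer.
SELF_NETWORKS = [ip_network("10.0.0.0/8")]
VENDOR_NETWORKS = [ip_network("198.51.100.0/24")]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
WP_PLUGIN_RE = re.compile(r"^/wp-content/plugins/([^/]+)/")
WP_POSTS_ROUTE = "/wp-json/wp/v2/posts/"


def classify(req):
    """Return (cms, component, flags) for one parsed request.

    Joomla requests are attributed by the ?option=com_* parameter, WordPress
    requests by the plugin directory in the path or by the REST API route.
    """
    parts = urlsplit(req["path"])
    params = parse_qsl(parts.query, keep_blank_values=True)  # URL-decodes %27 etc.
    cms, component, flags = None, None, set()
    for key, value in params:
        if key == "option" and value.startswith("com_"):
            cms, component = "joomla", value
        if "'" in value:  # a lone single quote dropped into a parameter
            flags.add("sqli_probe")
    m = WP_PLUGIN_RE.match(parts.path)
    if m:
        cms, component = "wordpress", m.group(1)
    if parts.path.startswith(WP_POSTS_ROUTE):
        cms, component = "wordpress", "rest-api"
        # The route only accepts digits; an id parameter that is not purely
        # numeric is the signature of the type-juggling bypass discussed above.
        if any(not v.isdigit() for k, v in params if k == "id"):
            flags.add("rest_id_type_juggling")
    return cms, component, flags


def analyze(log_text, self_nets=SELF_NETWORKS, vendor_nets=VENDOR_NETWORKS):
    """Tally external attempts per CMS component, with probe flags and exclusions."""
    attempts, flags, excluded = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; a real pipeline would count these too
        req = m.groupdict()
        src = ip_address(req["ip"])
        if any(src in net for net in self_nets):
            excluded["self_scan"] += 1
            continue
        if any(src in net for net in vendor_nets):
            excluded["assessment_vendor"] += 1
            continue
        cms, component, f = classify(req)
        attempts[f"{cms or 'unknown'}:{component or '-'}"] += 1
        for name in f:
            flags[name] += 1
    return {"attempts": attempts, "flags": flags, "excluded": excluded}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOGS)
    for key, count in result["attempts"].most_common():
        print(f"{key:25} {count}")
    print("flags:", dict(result["flags"]))
    print("excluded:", dict(result["excluded"]))
```

On the constructed input the two sqlmap requests are counted against com_rpl, the REST API POST is flagged for its non-numeric id, the probe against a non-CMS path still registers as a single-quote probe, and the DMZ and vendor lines are excluded before any tallying, which is the order the article's methodology implies.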

When examining the log entries for the Jetpack WordPress plugin, I expected most of the entries to be attempts to exploit SQL injection or a local file inclusion vulnerability, or perhaps even the latest Jetpack vulnerability disclosed by Sucuri, a stored XSS. Instead, the majority of the scans appeared to just verify whether Jetpack had been installed. If it was, further checks were made for the existence of specific files like class.jetpack-xmlrpc-server.php or example.html; this seems to have been an attempt to exploit CVE-2014-0173, a bypass vulnerability allowing unrestricted access to some of the RPC calls packaged with WordPress.

The majority of plugins being scanned for have been public for many months, in some cases years. Why do scans continue for legacy vulnerable plugins? The reason is that vulnerability assessment tools scan for the existence of all known vulnerable plugins, usually by testing for a specific file known to be packaged with each one.

Plugin Security – Now

I started re-evaluating plugin security a year later using the same methodology as before: downloading plugins and manually examining the PHP code for common vulnerabilities like SQLi, XSS, LFI and RFI. I found that plugins that have not been updated in several months pose the most risk. I also discovered that plugins with fewer than 1000 downloads but more than 100 had not been updated in an average of 991 days as of the time of writing, almost three years. The average plugin in my sample data had not been updated in 1050 days.

# Plugin Downloads      Avg Days Since Last Update
+10,000,000             65
9,999,999 - 1,000,000   150
999,999 - 100,000       458
99,999 - 10,000         941
9,999 - 1,000           1296
999 - 100               991
< 99                    107*

* This is because these are newly uploaded plugins actively being developed.
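The download-count bucketing and "days since last update" averaging behind the table above, as an added example in Python that is not the article's own tooling. The plugin records and the 2017-09-01 reference date are constructed, the bucket boundaries follow the table, and the 180-day staleness threshold used to shortlist risky plugins is an assumption rather than a figure from the article.

```python
from datetime import date
from statistics import mean

AS_OF = date(2017, 9, 1)  # constructed reference date for "days since update"

# Download-count buckets as labelled in the table above (lower, upper inclusive;
# None means unbounded). "< 99" is widened to cover 0..99 so every count lands.
BUCKETS = [
    ("+10,000,000", 10_000_000, None),
    ("9,999,999 - 1,000,000", 1_000_000, 9_999_999),
    ("999,999 - 100,000", 100_000, 999_999),
    ("99,999 - 10,000", 10_000, 99_999),
    ("9,999 - 1,000", 1_000, 9_999),
    ("999 - 100", 100, 999),
    ("< 99", 0, 99),
]

# Constructed plugin metadata (name, total downloads, last release date).
SAMPLE_PLUGINS = [
    {"name": "example-forms", "downloads": 12_000_000, "last_updated": date(2017, 7, 3)},
    {"name": "example-gallery", "downloads": 250_000, "last_updated": date(2016, 6, 1)},
    {"name": "example-widget", "downloads": 25_000, "last_updated": date(2015, 1, 15)},
    {"name": "example-widget-2", "downloads": 20_000, "last_updated": date(2015, 5, 1)},
    {"name": "example-new", "downloads": 40, "last_updated": date(2017, 6, 20)},
]


def days_since_update(plugin, as_of=AS_OF):
    """Whole days between the plugin's last release and the reference date."""
    return (as_of - plugin["last_updated"]).days


def bucket_label(downloads):
    """Map a download count onto the table's bucket label."""
    for label, lo, hi in BUCKETS:
        if downloads >= lo and (hi is None or downloads <= hi):
            return label
    raise ValueError(f"download count out of range: {downloads}")


def average_age_by_bucket(plugins, as_of=AS_OF):
    """Average days since last update for each download bucket present in the sample."""
    ages = {}
    for plugin in plugins:
        ages.setdefault(bucket_label(plugin["downloads"]), []).append(
            days_since_update(plugin, as_of)
        )
    return {label: round(mean(values)) for label, values in ages.items()}


def stale_plugins(plugins, threshold_days=180, as_of=AS_OF):
    """Names of plugins whose last release is older than the (assumed) threshold."""
    return sorted(
        plugin["name"] for plugin in plugins
        if days_since_update(plugin, as_of) > threshold_days
    )


if __name__ == "__main__":
    for label, _, _ in BUCKETS:
        avg = average_age_by_bucket(SAMPLE_PLUGINS).get(label)
        if avg is not None:
            print(f"{label:24} {avg}")
    print("stale:", stale_plugins(SAMPLE_PLUGINS))
```

Bucket order is preserved from the table so a report reads top-down like the article's; only buckets that actually contain sample plugins get a row, since averaging an empty bucket is meaningless.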

Conclusion

When I originally began my research into the widespread exploitation of recently published vulnerabilities, I had some expectations as to how it would turn out. I had expected the same categories of vulnerabilities across all platforms to receive equal amounts of attention. What I found was that specific vulnerabilities like LFI were favored over others that I had expected to be more popular, such as SQL injection.

What I did not expect was the amount of traffic generated by the widespread deployment of scanning tools by enterprise IT staff. While the multiple routine daily self-scans appear excessive, at least they are focused on the sites' own security. With new vulnerability scanning tools becoming readily available, it is important that software is audited and that vulnerabilities are reported responsibly, fixed and publicly disclosed. This cycle of research, repair and publish is currently the best way to keep systems safe and secure.


Export iPhoto images to Gallery photo collections
Interesting - does that mean the iPhoto 2 API is available?

I seem to recall that in the BetterHTMLExport description it was mentioned that undocumented iPhoto APIs were required to get the PlugIn to work. I just want to be able to dump the raw JPG, title and comment into separate files to let my own gallery creation script do its work, so does anyone have any info that might let me write such a PlugIn?
My Mac programming isn't good enough to go and rip apart iPhoto and do it myself, but AppleScripting it isn't as nice as a simple exporter would be. Currently I use the built-in HTML exporter and wander around the tree that it generates, but that's more work than it needs to be.
Thanks in advance,
--
ian.

Probably a better way is to process the iPhoto data and images directly. I wrote a small Java app that I use to do this for my own personal needs -- I just parse the AlbumData.xml file (using the Cocoa property list classes) and export the data I want. This lets you get most of the data. The notable exceptions are album comments and dates (these might be accessible by parsing the album plists, though), and the EXIF info that's in the image files.
You have to copy the images and make your own screen-resolution images separately.
-Esme

Export iPhoto images to Gallery photo collections

Excellent! I have been looking for something that just works. Gallery Remote plain breaks on my setup, and I am tired of trying to make it work. I will try this app out.

Export iPhoto images to Gallery photo collections

Just wanted to report that I've tried it and it works as advertised. Simplifies my workflow significantly... very cool...

There is a similarly named program called Galerie that i use with iPhoto.
http://www.myriad-online.com/perso/photos/english/download.html
I think Galerie is great. It has excellent integration with iTunes.

Galerie is not the same as Gallery. Gallery is a fully dynamic, multi-user, multi-level tree picture album application which requires PHP. Galerie is a static application. Both have advantages and disadvantages (the former can't be used if the webserver does not give PHP access, at least, while the latter is not dynamic at all).
---
Eduo

Export iPhoto images to Gallery photo collections

I also prefer Galerie! I like being able to have different albums, each having its own theme. I can create and customize as many Galerie templates as my heart desires. If you would like to see my website and my Galerie examples, just visit:
http://www.wharff.net
Export iPhoto images to Gallery photo collections

I use myPhoto, it is excellent. This uses php and talks directly with your iPhoto library. I use retrospect to duplicate my library to my server and then my photos are online. You can also decide which albums and photos to exclude.
http://agent0068.dyndns.org/~mike/projects/myPhoto/index.php

Export iPhoto images to Gallery photo collections

Gallery is pretty cool indeed, and has an active developer community. One great thing about Gallery is its integration with Shutterfly. Your viewers can order prints with a single click... no need for Aunt Martha to email you, asking you to send her a print of cousin Pete on the bicycle. She can order it herself. :-)
This new plug-in to assist Mac users is nice to see. I'll be giving it a whirl.

Export iPhoto images to Gallery photo collections

FYI, the Gallery developers will be working closely with the author of iPhotoToGallery (http://zwily.com/iphoto/index.xsl) to improve its back-end over time, and to enhance its user features.

Export iPhoto images to Gallery photo collections

Yes - the Shutterfly integration is incredible. I was skeptical at first, but after using it a few times I am sold!

Export iPhoto images to Gallery photo collections

Anyone got any tips for doing this straight from iView Media Pro?

Export iPhoto images to Gallery photo collections

iPhotoToGallery works wonderfully!!
I am using:
- iPhoto 2.0 on 10.3
- Gallery v1.4.1-RC2
- iPhotoToGallery 0.4
This combo was exactly what i was looking for!!

Export iPhoto images to Gallery photo collections

I used Windows Apache 2.0.48 because I don't want to expose my OSX system to the net.
PHP latest stable release.
Gallery 1.4.1 with all the extras I could get a hold of and configure.
I then added the latest iPhototoGallery Plugin.
Gallery was an absolute pain in the ass to set up and configure with all components; it took me, an experienced IT person, about 5 hours total to set up everything properly (including Apache, php etc.).
All that being said, it was worth every painstaking minute. I've made my homesite available to the web, so now all my friends and family can view and order photo prints from two different sites and even edit the photos in advance. They also can sign up and upload their own galleries to my site. This application is freaking awesome.
The iPhototoGallery plugin works ALMOST flawlessly. I can just select a Library, hit export, and it automatically logs in to the Gallery server over the net and uploads the photos, which then get formatted automatically. Cool...
The "almost", by the way, is that as admin, when I publish a Gallery through iPhoto and select "see website when done", I get an error saying that I can't access the site, because it takes me to the /gallery link instead of the /gallery/index.php link.
I thought I'd get clever and make an alias to force it to go to the right link, but then I could no longer sign in as Admin to publish photos... I can live with having to enter the gallery link...

Export iPhoto images to Gallery photo collections

Is index.php set as a DirectoryIndex in your apache configuration?