jQuery File Upload Plugin Vulnerable for 8 Years and Only Hackers Knew

jQuery is a fast, small, and feature-rich JavaScript library. It makes things like HTML document traversal and manipulation, event handling, animation, and Ajax much simpler with an easy-to-use API that works across a multitude of browsers. With a combination of versatility and extensibility, jQuery has changed the way that millions of people write JavaScript.

Of the thousands of plugins for the jQuery framework, one of the most popular harbored a coding oversight that eluded the security community for at least three years, even though tutorials explaining how to exploit it were publicly available.

The bug affects the widely used jQuery File Upload widget and allowed an attacker to upload arbitrary files to web servers, including web shells through which commands can be executed on the server.


Bug enabled by security upgrade eight years ago


Larry Cashdollar, a security researcher with Akamai’s SIRT (Security Intelligence Response Team), found the flaw while analyzing the widget’s code and was able to upload a web shell and run commands on a test server he set up.

Together with Sebastian Tschan, the developer of the plugin, the researcher discovered that the flaw was caused by a change introduced in Apache 2.3.9, which stopped honoring .htaccess files by default; these per-directory files are where folder-level security settings were stored. Unless the administrator specifically enables them, .htaccess files are ignored.

One reason for this change was to protect the administrator's system configuration by preventing users from overriding security settings on individual folders. Another was performance: the server no longer had to look for and parse a .htaccess file on every directory access.

After Apache 2.3.9, plugins that used .htaccess files to impose access restrictions no longer benefited from those per-folder settings. This was the case with jQuery File Upload, which stores uploaded files in a directory under the web root and relied on a .htaccess file there to keep them from being executed.
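As an added illustration (not the plugin's own configuration, nor anything from the article), the .htaccess-only arrangement that Apache 2.3.9's default of `AllowOverride None` silently disables, beside the same restrictions placed in the main server configuration, which Apache honors regardless of `AllowOverride`. The upload path and directory layout are assumptions.

```apache
# Weak: the only protection is a .htaccess file dropped into the upload
# directory. Since Apache 2.3.9 the default is "AllowOverride None", so
# this file is silently ignored and an uploaded .php file is handed to
# the PHP handler like any other script.
#
#   /var/www/html/uploads/.htaccess      (path is an assumption)
#   SetHandler default-handler
#   ForceType application/octet-stream
#   Header set Content-Disposition attachment

# Corrected: put the same restrictions in the main server configuration
# (httpd.conf or a conf.d fragment), which is always applied.
<Directory "/var/www/html/uploads">
    # .htaccess stays ignored; nothing in this tree may loosen the rules.
    AllowOverride None

    # Never execute anything stored here: no CGI, no SSI, no listing,
    # and the default (static file) handler instead of a script handler.
    Options -ExecCGI -Includes -Indexes
    SetHandler default-handler

    # mod_php only: turn the PHP engine off for this tree. php_admin_*
    # cannot be overridden by user-level config. Remove this line when
    # PHP runs through php-fpm; the FilesMatch block below still applies.
    php_admin_flag engine off

    # Belt and braces: refuse to serve script-like extensions at all,
    # whatever handler may be mapped to them elsewhere in the config.
    <FilesMatch "(?i)\.(ph(p[0-9]?|tml|ar)|cgi|pl|py|sh|shtml)$">
        Require all denied
    </FilesMatch>

    # Everything else is delivered as an opaque download so the browser
    # neither sniffs nor renders it (Header needs mod_headers).
    ForceType application/octet-stream
    <IfModule mod_headers.c>
        Header set Content-Disposition attachment
    </IfModule>
</Directory>
```

After `apachectl configtest` and a reload, a harmless probe saved as `uploads/probe.php` should come back as 403 (FilesMatch) and any other uploaded file with `Content-Type: application/octet-stream`, never as executed output.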


Flaw propagates to other projects


The popularity of jQuery File Upload caused thousands of derivations of the project, many of them carrying the flawed code. There are over 7,800 variations at the moment, and Cashdollar says that there are cases where the vulnerability exists even if the original code was modified to meet custom needs.

The researcher reached this conclusion after checking some of the forks, where he noticed three common variations. He created a proof-of-concept exploit that looks for one of these variations and then uploads a PHP shell.


Exploit described in YouTube videos


jQuery File Upload has been vulnerable for eight years, since the Apache 2.3.9 release in 2010. The coding faux pas did not go unnoticed all this time, and the method for exploiting it has been shared for at least three years.

A video from 2015 is currently available on YouTube with step-by-step instructions on how to find vulnerable websites and how to deface them. More recent videos are available, too.

Public distribution channels are the last ones a cybercriminal would turn to for documentation, which could suggest that the exploitation method has been distributed on hacker forums before 2015.
