Peepso plugin severe security bug


by axew3 » Sun Feb 05, 2017 11:24 pm

While looking into a mod request for this plugin last night, I found that
the Peepso plugin allows remote code execution; the authors have been notified about it.

Peepso security bug
SEVERITY: HIGH SEVERITY
Allows arbitrary remote code execution:


File:
wp-content/plugins/peepso-core/templates/register/register-activate.php

Vulnerable code:


<div class="ps-form-field">
<?php
$value = '';
if (isset($_GET['peepso_activation_code'])){
$value = $_GET['peepso_activation_code'];
}
?>
<input type="text" name="activate" class="ps-input" value="<?php echo $value; ?>" placeholder="<?php _e('Activation code', 'peepso'); ?>" />

$value is initialized as empty, but afterwards it gets a value that isn't sanitized.

Security patch example:


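<?php
// Start from an empty value so the later echo never sees an undefined variable.
$value = '';
if (isset($_GET['peepso_activation_code'])) {
    $value = trim(utf8_encode($_GET['peepso_activation_code']));
    // Reject anything that is not an ASCII letter or digit.
    if (preg_match('/[^0-9A-Za-z]/', $value)) {
        die('Unwanted chars detected.');
    }
}
?>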

P.S. Peepso seems to me a copy of the original Buddypress. USE BUDDYPRESS!
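
Added example (not part of the original post and not PeepSo's code): the unescaped echo of `$_GET['peepso_activation_code']` into the `value` attribute can be closed off in two layers, validating the input and escaping at the point of output. The function names, the 64-character limit and the fall-back to an empty field instead of `die()` are assumptions of this sketch; inside a WordPress template, `esc_attr()` is the usual helper for the output step, and PHP's built-in `htmlspecialchars()` is used here so the snippet runs without WordPress.

```php
<?php
// Added example; function names are hypothetical, sample inputs are constructed.

// Layer 1, validate: accept only a short alphanumeric code, otherwise return ''.
// Assumption: activation codes are ASCII letters and digits, as the patch above implies.
function clean_activation_code(array $query): string
{
    $raw = $query['peepso_activation_code'] ?? '';
    if (!is_string($raw)) {
        // ?peepso_activation_code[]=x arrives as an array, not a string.
        return '';
    }
    $raw = trim($raw);
    // \A and \z anchor the whole string; the 64-character cap is an assumed limit.
    return preg_match('/\A[0-9A-Za-z]{1,64}\z/', $raw) === 1 ? $raw : '';
}

// Layer 2, escape: encode for an HTML attribute where the value is printed,
// so the field stays safe even if the validation rule is loosened later.
function escape_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_activation_field(array $query): string
{
    $value = escape_attr(clean_activation_code($query));
    return '<input type="text" name="activate" class="ps-input" value="' . $value . '" />';
}

// Constructed sample requests.
$samples = [
    'valid code'    => ['peepso_activation_code' => 'a1B2c3D4'],
    'markup'        => ['peepso_activation_code' => '"><em>injected</em>'],
    'array param'   => ['peepso_activation_code' => ['x']],
    'missing param' => [],
];

foreach ($samples as $label => $query) {
    printf("%-14s %s\n", $label . ':', render_activation_field($query));
}

// Escaping on its own keeps the markup sample inside the attribute as inert text.
printf("%-14s %s\n", 'escape only:', escape_attr('"><em>injected</em>'));
```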
