Peepso plugin severe security bug



Post by axew3 »

While looking into this plugin for a mod request last night, I found that the
Peepso plugin allows remote code execution; the authors have been notified about it.

Peepso security bug
SEVERITY: HIGH SEVERITY
Allows arbitrary remote code execution:


File:
wp-content/plugins/peepso-core/templates/register/register-activate.php

Vulnerable code:

<div class="ps-form-field">
    <?php
    // Value is taken straight from the query string.
    $value = '';
    if (isset($_GET['peepso_activation_code'])) {
        $value = $_GET['peepso_activation_code'];
    }
    ?>
    <!-- $value is echoed into the attribute without any filtering -->
    <input type="text" name="activate" class="ps-input" value="<?php echo $value; ?>" placeholder="<?php _e('Activation code', 'peepso'); ?>" />
</div>

$value is initialized as empty, but afterwards gets a value that isn't sanitized.

Security patch example:

<?php
// Keep the empty default so the template can always echo $value.
$value = '';
if (isset($_GET['peepso_activation_code'])) {
    $value = trim(utf8_encode($_GET['peepso_activation_code']));
    // Reject anything that is not a plain alphanumeric character.
    if (preg_match('/[^0-9A-Za-z]/', $value)) {
        die('Unwanted chars detected.');
    }
}
?>

P.S. Peepso seems to me a copy of the original Buddypress. USE BUDDYPRESS!
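
The check from the post combined with encoding at the point of output, as an added example that is not part of the original post and is not PeepSo's code. The function names, the 64-character length limit and the sample inputs are assumptions made for illustration; inside a WordPress template `esc_attr()` fills the role that `htmlspecialchars()` plays here.

```php
<?php
// Added example: hypothetical helpers, not PeepSo code and not the post's patch.

/**
 * Return the activation code from the query array, or '' when it is
 * missing, not a string, or contains anything outside [0-9A-Za-z].
 */
function peepso_clean_activation_code(array $query): string
{
    $raw = $query['peepso_activation_code'] ?? '';
    if (!is_string($raw)) {
        // ?peepso_activation_code[]=x arrives as an array, not a string.
        return '';
    }
    $raw = trim($raw);
    // Anchored allow-list; the 64-character cap is an assumed limit.
    return preg_match('/^[0-9A-Za-z]{1,64}$/D', $raw) === 1 ? $raw : '';
}

/** Build the input element, encoding the value for an HTML attribute. */
function peepso_activation_field(array $query): string
{
    $value = peepso_clean_activation_code($query);
    // Encode even after validation, so a later change to the allow-list
    // cannot put raw request data back into the markup.
    $attr = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="activate" class="ps-input" value="'
        . $attr . '" />';
}

// Constructed sample inputs (not taken from the post).
$samples = [
    ['peepso_activation_code' => 'a1B2c3D4'],  // well-formed code: kept
    ['peepso_activation_code' => 'abc"def<'],  // quote and bracket: rejected
    ['peepso_activation_code' => ['x']],       // array parameter: rejected
    [],                                        // parameter absent: empty field
];
foreach ($samples as $query) {
    echo peepso_activation_field($query), PHP_EOL;
}
```

Unlike `die()`, a rejected value here just renders an empty field, so the user can still type the code by hand.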