by axew3 » Sun Feb 05, 2017 11:24 pm
While looking at a mod request for this plugin yesterday night, I found that the Peepso plugin allows remote code execution; the authors have been notified about it.
Peepso security bug
SEVERITY: HIGH
Allows arbitrary remote code execution:
File:
wp-content/plugins/peepso-core/templates/register/register-activate.php
Vulnerable code:
<div class="ps-form-field">
<?php
    $value = '';
    if (isset($_GET['peepso_activation_code'])) {
        $value = $_GET['peepso_activation_code'];
    }
?>
<input type="text" name="activate" class="ps-input" value="<?php echo $value; ?>" placeholder="<?php _e('Activation code', 'peepso'); ?>" />
$value is initialized as empty, but afterwards gets a value that isn't sanitized.
Security patch example:
<?php
if (isset($_GET['peepso_activation_code'])) {
    // Normalize the raw GET value before checking it
    $value = trim(utf8_encode($_GET['peepso_activation_code']));
    // Allow only alphanumeric characters; abort on anything else
    if (preg_match('/[^0-9A-Za-z]/', $value)) {
        die('Unwanted chars detected.');
    }
}
?>
P.S. Peepso seems to me a copy of the original BuddyPress.
USE BUDDYPRESS!
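As an added example (not PeepSo's code and not the poster's patch above), the same field rebuilt in stand-alone PHP with two independent defenses: the allow-list check the patch uses, plus output encoding for the attribute context, so a quote character can never terminate the value="" attribute. The function names are assumptions made for this example.

```php
<?php
// Added example, not PeepSo's own code: a stand-alone model of the
// register-activate.php field with two independent defenses applied.
// Function names below are assumptions made for this example.

// Defense 1: allow-list validation. An activation code is expected to be
// alphanumeric, so anything else is discarded instead of echoed back.
// Unlike the die() in the forum patch, invalid input just renders an empty field.
function sanitize_activation_code($raw): string
{
    // A ?peepso_activation_code[]=x request arrives as an array, not a string.
    if (!is_string($raw)) {
        return '';
    }
    $code = trim($raw);
    return preg_match('/^[0-9A-Za-z]+$/', $code) === 1 ? $code : '';
}

// Defense 2: contextual output encoding for the HTML attribute context.
// WordPress provides esc_attr() for this; htmlspecialchars() is used so the
// example runs outside WordPress. ENT_QUOTES also encodes the single quote.
function escape_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Renders the field the way the vulnerable template does, but with the
// parameter validated and escaped before it reaches the value="" attribute.
function render_activation_field(array $get): string
{
    $value = '';
    if (isset($get['peepso_activation_code'])) {
        $value = sanitize_activation_code($get['peepso_activation_code']);
    }
    return '<input type="text" name="activate" class="ps-input" value="'
        . escape_attr($value) . '" placeholder="Activation code" />';
}

// Constructed sample requests (not real traffic).
$benign = ['peepso_activation_code' => ' A1b2C3 '];
// A double quote is the character that would terminate value="..." in the
// original template; here it is rejected by the allow-list, and escape_attr()
// shows it would be encoded as &quot; even if validation were skipped.
$quoted = ['peepso_activation_code' => 'A1"b2'];

echo render_activation_field($benign), PHP_EOL;
echo render_activation_field($quoted), PHP_EOL;
echo escape_attr('A1"b2'), PHP_EOL;
```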