The PeepSo plugin echoes a query parameter into a page template without escaping, allowing reflected cross-site scripting. The authors have been notified.
Peepso security bug
SEVERITY: HIGH
Allows reflected cross-site scripting: the peepso_activation_code query parameter is written into an HTML attribute without escaping.
File:
wp-content/plugins/peepso-core/templates/register/register-activate.php
Vulnerable code:
<div class="ps-form-field">
<?php
// The raw GET value is taken as-is: no validation, no escaping.
$value = '';
if (isset($_GET['peepso_activation_code'])) {
    $value = $_GET['peepso_activation_code'];
}
?>
<!-- $value lands inside a double-quoted attribute unescaped; a value containing
     a double quote breaks out of value="" and can add attributes such as event handlers. -->
<input type="text" name="activate" class="ps-input" value="<?php echo $value; ?>" placeholder="<?php _e('Activation code', 'peepso'); ?>" />
Security patch example:
<?php
// Keep the default so $value is always defined when the parameter is absent.
$value = '';
if (isset($_GET['peepso_activation_code'])) {
    $value = trim($_GET['peepso_activation_code']);
    // Allow-list: activation codes are expected to be alphanumeric only.
    // utf8_encode() is dropped here: it is deprecated since PHP 8.2 and adds
    // nothing to an ASCII allow-list check.
    if (preg_match('/[^0-9A-Za-z]/', $value)) {
        die('Unwanted chars detected.');
    }
}
?>
<!-- Escape at output as well (esc_attr is the WordPress helper for attribute context),
     so the field is safe even if the validation above is bypassed or removed later. -->
<input type="text" name="activate" class="ps-input" value="<?php echo esc_attr($value); ?>" placeholder="<?php _e('Activation code', 'peepso'); ?>" />
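To make the attribute-injection concrete, the following stand-alone script is an added example written for this post; it is not code from the PeepSo plugin and needs no WordPress install. It renders the same input field three ways with a constructed payload: unescaped as in the vulnerable template, escaped for attribute context with htmlspecialchars() (the plain-PHP equivalent of WordPress esc_attr()), and gated by the alphanumeric allow-list from the patch. The payload string and the 64-character length cap in validate_code() are assumptions chosen for the demonstration.

```php
<?php
// Added example, not part of the PeepSo plugin. Runs from the CLI: php example.php

// Constructed payload: the leading quote closes value="" and the rest adds
// an autofocus attribute plus an onfocus handler, so the script fires on page load.
$payload = '" autofocus onfocus="alert(document.domain)';

// Vulnerable rendering, mirroring the original template: raw value into an attribute.
function render_vulnerable(string $value): string {
    return '<input type="text" name="activate" class="ps-input" value="' . $value . '" />';
}

// Hardened rendering, option 1: escape for the HTML attribute context at output time.
// ENT_QUOTES turns both " and ' into entities so the value cannot leave the attribute.
// In a WordPress template this is what esc_attr() does.
function render_escaped(string $value): string {
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="activate" class="ps-input" value="' . $safe . '" />';
}

// Hardened rendering, option 2: validate the input against the expected shape
// (alphanumeric only, as in the patch) and reject everything else.
// The 64-byte cap is an assumed upper bound for an activation code.
// Returns null when the value is not a well-formed code.
function validate_code(string $value): ?string {
    $value = trim($value);
    if ($value === '' || strlen($value) > 64 || preg_match('/[^0-9A-Za-z]/', $value)) {
        return null;
    }
    return $value;
}

// Use the real query parameter when served over HTTP, else the constructed payload.
$code = $_GET['peepso_activation_code'] ?? $payload;

echo "Vulnerable markup (payload escapes the attribute):\n";
echo render_vulnerable($code) . "\n\n";

echo "Escaped markup (payload stays inside value=\"\"):\n";
echo render_escaped($code) . "\n\n";

$valid = validate_code($code);
echo "Allow-list result: " . ($valid === null ? '(rejected)' : $valid) . "\n";
```

Run from the command line, the first block prints `value="" autofocus onfocus="alert(document.domain)" />`, i.e. the browser would see a new event-handler attribute; the second prints the quotes as `&quot;` so the whole payload remains inert text inside the attribute; the third rejects the payload outright. Escaping at output is the fix to apply in every template regardless of validation, because the allow-list protects only the one code path that runs it.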