Peepso plugin severe security bug
Posted: Sun Feb 05, 2017 11:24 pm
While looking for a mod request into this plugin yesterday night, i've found that
Peepso plugin allow remote execution code, authors have been noticed about.
Peepso security bug
SEVERITY: HIGH SEVERITY
Allow arbitrary remote execution code:
File:
wp-content/plugins/peepso-core/templates/register/register-activate.php
Vulnerable code:
$value is initialized as empty, but after get a value that isn't sanitized.
Security patch example:
P.s Peepso seem to me a copy of original Buddypress. USE BUDDYPRESS!
Peepso plugin allow remote execution code, authors have been noticed about.
Peepso security bug
SEVERITY: HIGH SEVERITY
Allow arbitrary remote execution code:
File:
wp-content/plugins/peepso-core/templates/register/register-activate.php
Vulnerable code:
Code: Select all
<div class="ps-form-field">
<?php
$value = '';
if (isset($_GET['peepso_activation_code'])){
$value = $_GET['peepso_activation_code'];
}
?>
<input type="text" name="activate" class="ps-input" value="<?php echo $value; ?>" placeholder="<?php _e('Activation code', 'peepso'); ?>" />Security patch example:
Code: Select all
<?php
if (isset($_GET['peepso_activation_code'])) {
$value = trim(utf8_encode($_GET['peepso_activation_code']));
if(preg_match('/[^0-9A-Za-z]/',$value)){
die('Unwanted chars detected.');
}
}
?>