petermolnar/wp-ffpc
1
0
Fork 0
Code Issues 22 Pull requests 4 Projects Releases Packages Wiki Activity Actions

wp-ffpc v 1.10.1 security vulnerable; form fields are not escaped #63

New issue
Open
opened 2016-09-06 17:34:45 +01:00 by diablodale · 1 comment
diablodale commented 2016-09-06 17:34:45 +01:00 (Migrated from github.com)
Copy link

Throughout the code for wp-ffpc v 1.10.1, the code does not escape html and its values before/after processing by the form page. Therefore, it is possible for:

  1. a malicious string of html to be put in the config (using the form, direct to db, or direct to config file)
  2. that string is read and rendered to the wp-ffpc forms page as a concatenated string value (e.g. the nocache_cookies string value is between two double quotes on an input field)
  3. the malicious string could have its own double quote + a string of html causing XSS problems, automation to destroy the site, or any number of other hostile actions.

All input which is taken from users/admins and later rendered down to a browser needs to be evaluated for security holes like this. An example of this in wp-ffpc-class.php:

value="<?php echo $this->options['nocache_cookies']; ?>"
   should be instead
value="<?php echo htmlspecialchars($this->options['nocache_cookies']); ?>"
Throughout the code for wp-ffpc v 1.10.1, the code does not escape html and its values before/after processing by the form page. Therefore, it is possible for: 1. a malicious string of html to be put in the config (using the form, direct to db, or direct to config file) 2. that string is read and rendered to the wp-ffpc forms page as a concatenated string value (e.g. the nocache_cookies string value is between two double quotes on an input field) 3. the malicious string could have its own double quote + a string of html causing XSS problems, automation to destroy the site, or any number of other hostile actions. All input which is taken from users/admins and later rendered down to a browser needs to be evaluated for security holes like this. An example of this in wp-ffpc-class.php: ``` value="<?php echo $this->options['nocache_cookies']; ?>" should be instead value="<?php echo htmlspecialchars($this->options['nocache_cookies']); ?>" ```
ksaltik commented 2018-05-01 23:58:53 +01:00 (Migrated from github.com)
Copy link

It is not maintained anymore frk it and fix than request pull request please

It is not maintained anymore frk it and fix than request pull request please
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
mcachesock
dev
1.11.2
1.11.1
1.11.0
1.10.1
1.10.0
1.9.1
1.9.0
1.8.3
1.8.2
1.8.1
1.8.0
1.7.7
1.7.6
1.7.5
1.7.4
1.7.3
1.7.2
1.6.3
1.6.2
1.6.1
1.5.0
1.3.2
1.3.1
1.3
1.2.2
1.2.1
1.2
1.1.1
1.1
1.0
0.6.1
0.6
0.5.1
0.5
0.4.3
0.4
0.3.2
0.3.1
0.3
0.2.1
0.2
0.1
Labels
Clear labels   
bug

   
duplicate

   
enhancement

   
invalid

   
question

   
wontfix
No labels
bug
duplicate
enhancement
invalid
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: petermolnar/wp-ffpc#63
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?