Project: Wordpress Plugin ClickBank Affiliate Ads 1.9

Vulnerability: #1 (2017-03-15 16:48:02)

Warning

Many scanner findings are false positives or unexploitable in practice. Build a working proof-of-concept (PoC) exploit before reporting anything to the vendor.

Details:

Sink PHP::echo
Risk _SERVER — the tainted source is `$_SERVER["REQUEST_URI"]`, echoed without any escaping into the `action` attribute of the form at line 52. It is a reflected-XSS sink only when the web server hands PHP a REQUEST_URI with `"` left unencoded; browsers normally percent-encode quotes, which is why findings of this shape are usually rated low. The fix is to escape for the attribute context (`esc_url($_SERVER['REQUEST_URI'])` or `esc_attr(...)`), or simply to drop the `action` attribute so the form posts back to the current URL. Also visible in this excerpt: the POST handler at lines 41-44 writes the submitted values straight to `update_option()` with no nonce verification (`check_admin_referer()`), and `sanitize_entries()` at line 34 is a pure pass-through; whether a capability check guards this page is not visible here.
/clickbank-ads-clickbank-widget/clickbank-ads.php:52 (show/hide source)
32        $this->opts=Array ('title' => 'Related eBooks', 'name' => '', 'keywordbytitle2' => 'Title', 'border' => '','homepage'=>'1','onlypost'=>'1','runplugin'=>'1', 'bordcolor' => 'CCCCCC', 'bordstyle' => '1', 'adformat' => '1', 'width' => '100%', 'height' => '100%', 'linkcolor' => '0000ff','pos' => 'Top');
33      } 
/**
 * Option-array "sanitizer" hook for the settings form.
 *
 * Behaviourally a pass-through: whatever is given is returned unchanged.
 * NOTE(review): this performs no filtering of its own; in the visible caller
 * (admin_menu) each value has already been run through sanitize_text_field()
 * by reference before this is invoked, so that is the only sanitization applied.
 *
 * @param mixed $options submitted option values (an array in the visible caller)
 * @return mixed the same value, untouched
 */
function sanitize_entries($options)
{
    $entries = $options;
    return $entries;
}
35      
/**
 * Build the HTML `name` attribute for a settings field, nesting it under the
 * `cbwec` array so every field arrives in $_POST['cbwec'].
 *
 * @param string $fieldname option key
 * @return string e.g. "cbwec[title]"
 */
function get_field_name($fieldname)
{
    return sprintf('cbwec[%s]', $fieldname);
}
/**
 * Build the HTML `id` attribute for a settings field by prefixing the option
 * key with "cbwec-".
 *
 * @param string $fieldname option key
 * @return string e.g. "cbwec-name"
 */
function get_field_id($fieldname)
{
    return "cbwec-{$fieldname}";
}
38     
39      function admin_menu() {
40  	  global $cbwec_version;
41        if (isset($_POST["cbwec_submit"])) {
42  		foreach($_POST["cbwec"] as &$val)	{$val = sanitize_text_field($val);} 
43          $this->opts=$this->sanitize_entries($_POST['cbwec'], $sizes); 
44          update_option('ClickBankWEC3',$this->opts); 
45          echo '<div id="message" class="updated fade"><p><strong>Options Updated!</strong></p></div>'; 
46        }
47  
48   ?>
49   <div class="wrap">
50      <h2>ClickBank Ads V <?php echo $cbwec_version; ?></h2>
51      <p>For further Information visit the <a target=_blank href="http://cbads.com/">Plugin Site</a>.<br><br>To place a vertical banner or vertical carousel to <b style="color:#ff3333">widget area (sidebar)</b>, <br>go to the '<a href=widgets.php>Appearance -> Widgets</a>' SubPanel, <br>add the "ClickBank Ads" to your sidebar and configure it."</p>
52 <form name="mainform" method="post" action="<?php echo $_SERVER["REQUEST_URI"]; ?>" onsubmit="if(document.getElementById('<?php echo $this->get_field_id('name'); ?>').value.length<5 || document.getElementById('<?php echo $this->get_field_id('name'); ?>').value.length>10){alert('Please enter your ClickBank nickname! \nYour nickname must be 5-10 letters & digits');return false;}">
53 <script type="text/javascript" src="<?php echo plugins_url( '/jscolor/jscolor.js', __FILE__ );?>"></script> 54 <style>
Threat level 0

Callstack:

cbwec::admin_menu /clickbank-ads-clickbank-widget/clickbank-ads.php:52 (show/hide source)
32        $this->opts=Array ('title' => 'Related eBooks', 'name' => '', 'keywordbytitle2' => 'Title', 'border' => '','homepage'=>'1','onlypost'=>'1','runplugin'=>'1', 'bordcolor' => 'CCCCCC', 'bordstyle' => '1', 'adformat' => '1', 'width' => '100%', 'height' => '100%', 'linkcolor' => '0000ff','pos' => 'Top');
33      } 
/**
 * Option-array "sanitizer" hook for the settings form.
 *
 * Behaviourally a pass-through: whatever is given is returned unchanged.
 * NOTE(review): this performs no filtering of its own; in the visible caller
 * (admin_menu) each value has already been run through sanitize_text_field()
 * by reference before this is invoked, so that is the only sanitization applied.
 *
 * @param mixed $options submitted option values (an array in the visible caller)
 * @return mixed the same value, untouched
 */
function sanitize_entries($options)
{
    $entries = $options;
    return $entries;
}
35      
/**
 * Build the HTML `name` attribute for a settings field, nesting it under the
 * `cbwec` array so every field arrives in $_POST['cbwec'].
 *
 * @param string $fieldname option key
 * @return string e.g. "cbwec[title]"
 */
function get_field_name($fieldname)
{
    return sprintf('cbwec[%s]', $fieldname);
}
/**
 * Build the HTML `id` attribute for a settings field by prefixing the option
 * key with "cbwec-".
 *
 * @param string $fieldname option key
 * @return string e.g. "cbwec-name"
 */
function get_field_id($fieldname)
{
    return "cbwec-{$fieldname}";
}
38     
39      function admin_menu() {
40  	  global $cbwec_version;
41        if (isset($_POST["cbwec_submit"])) {
42  		foreach($_POST["cbwec"] as &$val)	{$val = sanitize_text_field($val);} 
43          $this->opts=$this->sanitize_entries($_POST['cbwec'], $sizes); 
44          update_option('ClickBankWEC3',$this->opts); 
45          echo '<div id="message" class="updated fade"><p><strong>Options Updated!</strong></p></div>'; 
46        }
47  
48   ?>
49   <div class="wrap">
50      <h2>ClickBank Ads V <?php echo $cbwec_version; ?></h2>
51      <p>For further Information visit the <a target=_blank href="http://cbads.com/">Plugin Site</a>.<br><br>To place a vertical banner or vertical carousel to <b style="color:#ff3333">widget area (sidebar)</b>, <br>go to the '<a href=widgets.php>Appearance -> Widgets</a>' SubPanel, <br>add the "ClickBank Ads" to your sidebar and configure it."</p>
52 <form name="mainform" method="post" action="<?php echo $_SERVER["REQUEST_URI"]; ?>" onsubmit="if(document.getElementById('<?php echo $this->get_field_id('name'); ?>').value.length<5 || document.getElementById('<?php echo $this->get_field_id('name'); ?>').value.length>10){alert('Please enter your ClickBank nickname! \nYour nickname must be 5-10 letters & digits');return false;}">
53 <script type="text/javascript" src="<?php echo plugins_url( '/jscolor/jscolor.js', __FILE__ );?>"></script> 54 <style>