Project: Wordpress Plugin ClickBank Affiliate Ads 1.9

Vulnerability: #6 (2017-03-15 16:48:03)

Warning

There are many false positives, or unexploitable vulnerabilities. Please create working "PoC" exploit before reporting anything to vendor!

Details:

Sink PHP::echo
Risk _POST
/clickbank-ads-clickbank-widget/clickbank-ads.php:43 (show/hide source)
23  $cbwec_version="1.9"; 
24  if (!class_exists("cbwec")) {
25    class cbwec {
26      var $opts; 
27      function cbwec() { $this->getOpts(); } 
28      function getOpts() { 
29        if (isset($this->opts) AND !empty($this->opts)) {return;} 
30        $this->opts=get_option("ClickBankWEC3"); 
31        if (!empty($this->opts)) {return;} 
32        $this->opts=Array ('title' => 'Related eBooks', 'name' => '', 'keywordbytitle2' => 'Title', 'border' => '','homepage'=>'1','onlypost'=>'1','runplugin'=>'1', 'bordcolor' => 'CCCCCC', 'bordstyle' => '1', 'adformat' => '1', 'width' => '100%', 'height' => '100%', 'linkcolor' => '0000ff','pos' => 'Top');
33      } 
34      function sanitize_entries($options){ return $options; } 
35      
36      function get_field_name($fieldname){return "cbwec[".$fieldname."]";}
37      function get_field_id($fieldname){return "cbwec-".$fieldname;}
38     
39      function admin_menu() {
40  	  global $cbwec_version;
41        if (isset($_POST["cbwec_submit"])) {
42  		foreach($_POST["cbwec"] as &$val)	{$val = sanitize_text_field($val);} 
43 $this->opts=$this->sanitize_entries($_POST['cbwec'], $sizes);
44 update_option('ClickBankWEC3',$this->opts); 45 echo '<div id="message" class="updated fade"><p><strong>Options Updated!</strong></p></div>';
Threat level 2

Callstack:

cbwec::admin_menu /clickbank-ads-clickbank-widget/clickbank-ads.php:71 (show/hide source)
51      <p>For further Information visit the <a target=_blank href="http://cbads.com/">Plugin Site</a>.<br><br>To place a vertical banner or vertical carousel to <b style="color:#ff3333">widget area (sidebar)</b>, <br>go to the '<a href=widgets.php>Appearance -> Widgets</a>' SubPanel, <br>add the "ClickBank Ads" to your sidebar and configure it."</p>
52      <form name="mainform" method="post" action="<?php echo $_SERVER["REQUEST_URI"]; ?>" onsubmit="if(document.getElementById('<?php echo $this->get_field_id('name'); ?>').value.length<5 || document.getElementById('<?php echo $this->get_field_id('name'); ?>').value.length>10){alert('Please enter your ClickBank nickname! \nYour nickname must be 5-10 letters & digits');return false;}">
53          <script type="text/javascript" src="<?php echo plugins_url( '/jscolor/jscolor.js', __FILE__ );?>"></script>
54  			<style>
55  			.cbwecb10 {border: 1px solid #<?php echo $this->opts['bordcolor'];?>;}
56  			.cbwecb11 {color:#<?php echo $this->opts['linkcolor']; ?>;}
57  			</style>
58          <p>
59            <label for="<?php echo $this->get_field_id('title'); ?>">Title:</label><br />
60            <input type="text" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" value="<?php echo $this->opts['title']; ?>" style="width:200px;" />
61          </p>
62          <p>
63            <label for="<?php echo $this->get_field_id('name'); ?>">Your ClickBank Nickname:</label><br /><a target="regs" href="http://artdhtml.reseller.hop.clickbank.net/"><font size=1>(Register here, its FREE))</font></a><br/>
64            <input type="text" id="<?php echo $this->get_field_id('name'); ?>" name="<?php echo $this->get_field_name('name'); ?>" value="<?php echo $this->opts['name']; ?>" style="width:200px;" required  maxlength="10" />
65          </p>
66          <p>
67            <label><input type="radio" <?php if($this->opts['keywordbytitle2']=="Title") {echo 'checked';}?> onclick="fk1=document.getElementById('dthidti').style;if(this.value!='Key'){fk1.display='none';}" value="Title" id="<?php echo $this->get_field_id('keywordbytitle2'); ?>" name="<?php echo $this->get_field_name('keywordbytitle2'); ?>" style="border:0px;" /> Ads related to post Title & Category</label> <font size=1>(recommended)</font><br />
68            <label><input type="radio" <?php if($this->opts['keywordbytitle2']=="TitleOnly") {echo 'checked';}?> onclick="fk1=document.getElementById('dthidti').style;if(this.value!='Key'){fk1.display='none';}" value="TitleOnly" id="<?php echo $this->get_field_id('keywordbytitle2'); ?>1" name="<?php echo $this->get_field_name('keywordbytitle2'); ?>" style="border:0px;" /> Ads related to post Title</label><br />
69            <label><input type="radio" <?php if($this->opts['keywordbytitle2']=="Key") {echo 'checked';}?> onclick="fk1=document.getElementById('dthidti').style;if(this.value=='Key'){fk1.display='block';}" value="Key" id="<?php echo $this->get_field_id('keywordbytitle2'); ?>2" name="<?php echo $this->get_field_name('keywordbytitle2'); ?>" style="border:0px;" /> Ads related to Keywords:</label>
70            <div id="dthidti" style="overflow:hidden;height:30px;display: <?php echo ($this->opts['keywordbytitle2']=="Key"?"block;":"none");?>">
71 <input type="text" id="<?php echo $this->get_field_id('keywords'); ?>" name="<?php echo $this->get_field_name('keywords'); ?>" value="<?php echo $this->opts['keywords']; ?>" placeholder="Enter Your Keywords" style="width:200px;" />
72 </div> 73 </p>