Project: Wordpress Plugin Photo Video Store 18.05

Vulnerability: #8928914 (2018-07-26 19:05:24)

Warning

There are many false positives or unexploitable findings in these reports. Please create a working PoC exploit before reporting anything to the vendor!

Details:

Sink PHP::echo
Risk _GET
/photo-video-store/includes/plugins/facebook/src/Facebook/Helpers/FacebookRedirectLoginHelper.php:331
311  
312      /**
313       * Returns the error description.
314       *
315       * @return string|null
316       */
317      public function getErrorDescription()
318      {
319          return $this->getInput('error_description');
320      }
321  
322      /**
323       * Returns a value from a GET param.
324       *
325       * @param string $key
326       *
327       * @return string|null
328       */
329      private function getInput($key)
330      {
331          return isset($_GET[$key]) ? $_GET[$key] : null;
332      }
333  }
Threat level 2

Callstack:

@INLINE::/photo-video-store/templates/check_facebook.php /photo-video-store/templates/check_facebook.php:56
36  
37  		try
38  		{
39  			$accessToken = $helper->getAccessToken();
40  		}
41  		catch ( Facebook\Exceptions\FacebookResponseException $e ) {
42  			// When Graph returns an error
43  			echo 'Graph returned an error: ' . $e->getMessage();
44  			exit;
45  		}
46  		catch ( Facebook\Exceptions\FacebookSDKException $e ) {
47  			// When validation fails or other local issues
48  			echo 'Facebook SDK returned an error: ' . $e->getMessage();
49  			exit;
50  		}
51  
52  		if ( ! isset( $accessToken ) ) {
53  			if ( $helper->getError() )
54  			{
55  				header( 'HTTP/1.0 401 Unauthorized' );
56  				echo "Error: " . $helper->getError() . "\n";
57  				echo "Error Code: " . $helper->getErrorCode() . "\n";
58  				echo "Error Reason: " . $helper->getErrorReason() . "\n";