Project: Github szepeviktor/wordpress-fail2ban 20190130

Vulnerability: #9250268 (2019-01-30 20:53:48)

Warning

There are many false positives or unexploitable findings. Please build a working proof-of-concept ("PoC") before reporting anything to the vendor!

Details:

Sink Standard::file_put_contents
Risk _FILES
/wordpress-fail2ban-master/block-bad-requests/wp-fail2ban-bad-request-instant.inc.php:301 (show/hide source)
281              && 'POST' === $request_method
282              && false !== strpos( $request_path, '/customer/account/createpost' )
283              && isset( $_SERVER['HTTP_CF_RAY'] ) // Cloudflare request
284          ) {
285              if ( empty( $_POST ) ) {
286                  // phpcs:ignore WordPress.VIP.RestrictedFunctions
287                  $request_data = file_get_contents( 'php://input' );
288              } else {
289                  $request_data = $_POST;
290              }
291              $dump_file = sprintf(
292                  '%s/request-at-%s-from-%s.json',
293                  sys_get_temp_dir(),
294                  time(),
295                  $_SERVER['REMOTE_ADDR']
296              );
297              $dump      = json_encode(
298                  array(
299                      'headers' => $this->apache_request_headers(),
300                      'request' => $request_data,
301 'files' => $_FILES,
302 ), 303 JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE
Threat level 0 (in the excerpt above, `$_FILES` only reaches the JSON-encoded file contents; the `$dump_file` path is built from `sys_get_temp_dir()`, `time()` and `REMOTE_ADDR`, so the tainted value does not control where the write goes — though the dump does persist the full request headers and body to the temp directory)

Callstack:

O1\Bad_Request::check /wordpress-fail2ban-master/block-bad-requests/wp-fail2ban-bad-request-instant.inc.php:306 (show/hide source)
286                  // phpcs:ignore WordPress.VIP.RestrictedFunctions
287                  $request_data = file_get_contents( 'php://input' );
288              } else {
289                  $request_data = $_POST;
290              }
291              $dump_file = sprintf(
292                  '%s/request-at-%s-from-%s.json',
293                  sys_get_temp_dir(),
294                  time(),
295                  $_SERVER['REMOTE_ADDR']
296              );
297              $dump      = json_encode(
298                  array(
299                      'headers' => $this->apache_request_headers(),
300                      'request' => $request_data,
301                      'files'   => $_FILES,
302                  ),
303                  JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE
304              );
305              // phpcs:ignore WordPress.VIP.FileSystemWritesDisallow
306 file_put_contents( $dump_file, $dump, FILE_APPEND | LOCK_EX );
307 } 308