Warning

Many of these findings are false positives or unexploitable. Build a working proof-of-concept (PoC) exploit before reporting anything to the vendor.

Details:

Sink: Standard::print_r
Risk: _GET
/social-booster/vendor/jonathantorres/medium-sdk/examples/create_post.php:13
1  <?php
2  
3      require('../vendor/autoload.php');
4      require('credentials.php');
5  
6      use JonathanTorres\MediumSdk\Medium;
7  
8      $credentials['redirect-url'] = 'http://localhost:8888/create_post.php';
9      $medium = new Medium($credentials);
10  
11      if (isset($_GET['code'])) {
12          session_start();
13          $code = $_GET['code'];
14          $medium->authenticate($code);
15          $_SESSION['user'] = $medium->getAuthenticatedUser();
Threat level: 2

Callstack:

@INLINE::/social-booster/vendor/jonathantorres/medium-sdk/examples/callback.php:32
12  
13  ?>
14  
15  <!DOCTYPE html>
16  <html lang="en">
17    <head>
18      <meta charset="utf-8">
19      <meta http-equiv="X-UA-Compatible" content="IE=edge">
20      <meta name="viewport" content="width=device-width, initial-scale=1">
21      <title>Callback</title>
22  
23      <!-- Bootstrap -->
24      <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet">
25    </head>
26    <body>
27      <div class="container">
28          <div class="row">
29              <h1>Authenticated user details</h1>
30              <hr>
31              <pre>
32  <?php print_r($authenticatedUser); ?>
33  </pre>
34          </div>
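What the scanner is reporting: the user-controlled `$_GET['code']` is passed to `$medium->authenticate($code)`, and the user object fetched afterwards with `getAuthenticatedUser()` is dumped with `print_r` straight into a `<pre>` block in callback.php:32 with no `htmlspecialchars()` call in between. The value that reaches the sink is therefore whatever the Medium API returns for the authenticated user, not the `code` parameter itself; the scanner cannot know whether an attacker can influence that response, which is exactly why the warning above asks for a working PoC first. The following PHP is an added example, not code from the medium-sdk examples: it reproduces the unescaped `print_r` pattern beside a hardened version that encodes the dump before output. The user object and the markup placed in its `name` field are constructed for the demonstration; the field names are assumptions, not the SDK's documented response shape.

```php
<?php
// Added example, not part of medium-sdk. The object below is constructed
// to stand in for getAuthenticatedUser(); its field names are assumptions.
$authenticatedUser = (object) [
    'id'       => 'abc123',
    'username' => 'alice',
    'name'     => '<script>alert(document.cookie)</script>',
    'url'      => 'https://medium.com/@alice',
];

// Same pattern as callback.php:32: print_r output lands inside <pre>
// unescaped, so any markup in a field is interpreted by the browser.
function renderUnsafe($user): string
{
    return '<pre>' . print_r($user, true) . '</pre>';
}

// Hardened: capture the dump as a string and HTML-encode it before output.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE keeps invalid UTF-8
// from silently turning the whole output into an empty string.
function renderSafe($user): string
{
    $dump = print_r($user, true);
    return '<pre>' . htmlspecialchars($dump, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</pre>';
}

$unsafe = renderUnsafe($authenticatedUser);
$safe   = renderSafe($authenticatedUser);

echo $unsafe, PHP_EOL;   // contains a live <script> element
echo $safe, PHP_EOL;     // contains &lt;script&gt; instead

// Self-check a reviewer would run before deciding whether the sink matters.
assert(strpos($unsafe, '<script>') !== false);
assert(strpos($safe, '<script>') === false);
assert(strpos($safe, '&lt;script&gt;') !== false);
```

Run it with `php` on the command line and compare the two lines of output. The check to make before filing anything against the vendor is the one the scanner cannot do: confirm that the examples/ directory is actually served from the web root (the path above sits under vendor/ inside the application) and that some field of the authenticated-user response can carry markup; without both, this is a hardening note for a demo script rather than an exploitable finding.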