Warning

There are many false positives or unexploitable vulnerabilities. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

Sink Standard::file_get_contents
Risk _GET
/social-booster/admin/class-rx-sb-admin.php:356 (show/hide source)
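/**
 * Print footer styles on the plugin's own top-level admin page only.
 *
 * Compares the current admin screen id against the plugin's top-level menu
 * page and echoes the style markup only when they match.
 *
 * @return void
 */
public function sb_admin_footer_styles() {
    // get_current_screen() returns null when no screen has been set up yet
    // (e.g. when the hook fires outside a normal wp-admin request); guard
    // before dereferencing to avoid a "property on null" warning.
    $screen = get_current_screen();
    if ( null === $screen || $screen->id !== 'toplevel_page_rex-social-booster' ) {
        return;
    }
    // NOTE(review): the echoed string is empty in this listing; the report
    // rendering may have stripped an inline <style> block — confirm against the file.
    echo '';
}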
346      /**
347       * Network redirection after
348       * auth setup
349       */
350      public function rx_sb_network_auth () {
351          $running = get_option( 'network_authentication' );
352          if ($running === 'twitter') {
353              update_option( 'network_authentication', 'Dead' );
354              if(isset($_GET['oauth_token']) && isset($_GET['oauth_verifier']) ){
355                  $twitter = new Rx_Sb_Twitter();
356 $auth_token = $_GET['oauth_token'];
357 $auth_verifier = $_GET['oauth_verifier']; 358 $contextOptions = [
Threat level 2

Callstack:

Rx_Sb_Admin::rx_sb_network_auth /social-booster/admin/class-rx-sb-admin.php:366 (show/hide source)
346      /**
347       * Network redirection after
348       * auth setup
349       */
350      public function rx_sb_network_auth () {
351          $running = get_option( 'network_authentication' );
352          if ($running === 'twitter') {
353              update_option( 'network_authentication', 'Dead' );
354              if(isset($_GET['oauth_token']) && isset($_GET['oauth_verifier']) ){
355                  $twitter = new Rx_Sb_Twitter();
356                  $auth_token = $_GET['oauth_token'];
357                  $auth_verifier = $_GET['oauth_verifier'];
358                  $contextOptions = [
359                      'ssl' => [
360                          'verify_peer' => false,
361                          'allow_self_signed' => true
362                      ]
363                  ];
364                  $sslContext = stream_context_create($contextOptions);
365                  $url = 'https://api.twitter.com/oauth/access_token?oauth_token='.$auth_token.'&oauth_verifier='.$auth_verifier.'';
366 $json = file_get_contents($url,false, $sslContext);
367 $data = (explode("&",$json)); 368 $oauth_token = explode("=",$data[0]);