Warning

There are many false positives and unexploitable findings in reports like this. Please build a working "PoC" exploit before reporting anything to the vendor!

Details:

Sink Standard::http_build_query
Risk _GET
/social-booster/admin/class-rx-sb-admin.php:414
394  
395              }
396          }
397          elseif ($running === 'tumblr') {
398              update_option( 'network_authentication', 'Dead' );
399              if(isset($_GET['oauth_token']) && isset($_GET['oauth_verifier']) ){
400  
401                  $tumblr = new Rx_Sb_Tumblr();
402  
403                  $consumer_key = get_option('tumblr_consumer_key');
404                  $consumer_secret = get_option('tumblr_consumer_secret');
405  
406                  $tumblr_request_token = get_option('tumblr_request_token');
407                  $tumblr_request_token_secret = get_option('tumblr_request_token_secret');
408  
409                  $client = new Tumblr\API\Client($consumer_key, $consumer_secret, $tumblr_request_token, $tumblr_request_token_secret);
410                  $requestHandler = $client->getRequestHandler();
411                  $requestHandler->setBaseUrl('https://www.tumblr.com/');
412  
413                  $link = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
414 $verifier = $_GET['oauth_verifier'];
415 416 $resp = $requestHandler->request('POST', 'oauth/access_token', array('oauth_verifier' => $verifier));
Threat level 1

Callstack:

Tumblr\API\RequestHandler::request /social-booster/vendor/tumblr/tumblr/lib/Tumblr/API/RequestHandler.php:114
94              $url,
95              $options
96          );
97          $oauth->sign_request($this->signatureMethod, $this->consumer, $this->token);
98          $authHeader = $oauth->to_header();
99          $pieces = explode(' ', $authHeader, 2);
100          $authString = $pieces[1];
101  
102  
103          // Set up the request and get the response
104          $uri = new \GuzzleHttp\Psr7\Uri($url);
105          $guzzleOptions = [
106              'headers' => [
107                  'Authorization' => $authString,
108                  'User-Agent' => 'tumblr.php/' . $this->version,
109              ],
110              // Swallow exceptions since \Tumblr\API\Client will handle them
111              'http_errors' => false,
112          ];
113          if ($method === 'GET') {
114 $uri = $uri->withQuery(http_build_query($options));
115 } elseif ($method === 'POST') { 116 if (!$file) {
Rx_Sb_Admin::rx_sb_network_auth /social-booster/admin/class-rx-sb-admin.php:416
396          }
397          elseif ($running === 'tumblr') {
398              update_option( 'network_authentication', 'Dead' );
399              if(isset($_GET['oauth_token']) && isset($_GET['oauth_verifier']) ){
400  
401                  $tumblr = new Rx_Sb_Tumblr();
402  
403                  $consumer_key = get_option('tumblr_consumer_key');
404                  $consumer_secret = get_option('tumblr_consumer_secret');
405  
406                  $tumblr_request_token = get_option('tumblr_request_token');
407                  $tumblr_request_token_secret = get_option('tumblr_request_token_secret');
408  
409                  $client = new Tumblr\API\Client($consumer_key, $consumer_secret, $tumblr_request_token, $tumblr_request_token_secret);
410                  $requestHandler = $client->getRequestHandler();
411                  $requestHandler->setBaseUrl('https://www.tumblr.com/');
412  
413                  $link = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
414                  $verifier = $_GET['oauth_verifier'];
415  
416 $resp = $requestHandler->request('POST', 'oauth/access_token', array('oauth_verifier' => $verifier));
417 $out = $result = $resp->body; 418