Project: Wordpress Plugin Islamic Content Archive 2.0

Vulnerability: #7371201 (2018-01-13 00:06:11)

Warning

Many of these findings are false positives or unexploitable. Please build a working proof-of-concept ("PoC") before reporting anything to the vendor.

Details:

Sink PHP::echo
Risk _GET
/islamic-content-archive/lib/app_helpers.php:36 (show/hide source)
16  	
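/**
 * Return the label stored under $key in the loaded language table.
 *
 * The value is returned exactly as stored in $this->class_lang (populated
 * via fun_loadlang() in ica_admin_tabs) — it is NOT escaped here, so any
 * caller that prints it into HTML must escape it for the output context
 * (esc_html() / esc_attr()) at the point of output.
 *
 * @param string $key Label key; the default '' matches no real entry.
 * @return mixed Raw label value, or null when $key is not present
 *               (a missing key no longer raises an "undefined index" notice).
 */
public function getLang($key = '')
{
    // isset() keeps the null-on-miss result but drops the PHP notice
    // the bare array access emitted for unknown keys.
    return isset($this->class_lang[$key]) ? $this->class_lang[$key] : null;
}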
21  	
/**
 * Render the main admin view by including $mainViewFile (once) when it exists.
 *
 * A missing file is silently skipped. Nothing here restricts the path, so the
 * caller must pass only paths built from plugin code/constants, never a value
 * derived from request data.
 *
 * @param string $mainViewFile Path of the view file to include.
 * @return void
 */
public function MainContent($mainViewFile) {
    // Guard clause: bail out early instead of nesting the include.
    if (!file_exists($mainViewFile)) {
        return;
    }
    include_once $mainViewFile;
}
28  	
29  	function ica_admin_tabs($current = 'language') {
30  		global $ica_categories_lang,$categories;
31  		if (!empty($_POST[ICA_Input_SLUG.'language'])) {
32  			$this->class_lang = fun_loadlang();
33  		}
34  		$cat_tab_list = $ica_categories_lang[get_option(ICA_Input_SLUG.'language')];
35  		if(isset($_GET['page'])){
36 $get_slug = strip_tags($_GET['page']);
37 }else{ 38 $get_slug = '';
Threat level 2

Callstack:

app_helpers::ica_admin_tabs /islamic-content-archive/lib/app_helpers.php:65 (show/hide source)
45  		echo '<div id="icon-themes" class="icon32"><br></div>';
46  		echo '<h2 class="nav-tab-wrapper">';
47  		foreach ($tabs as $tab => $name) {
48  			$class = ($tab == $current) ? ' nav-tab-active' : '';
49  			$logo = NULL;
50  			if($tab == 'language'){
51  				$flag = get_option(ICA_Input_SLUG.'language').'.png';
52  				$logo = sprintf('%s',ica_cat_flags($flag,array('width'=>'20')));
53  			}
54  			echo "<a class='nav-tab$class' href='?page=" . $get_slug . "&tab=$tab'>$logo $name</a>";
55  		}
56  		
57  		if($cat_tab_list){
58  			foreach ($cat_tab_list as $tab => $name) {
59  			if(isset($_GET['cat_slug'])){
60  				$_current = esc_attr($_GET['cat_slug']);
61  			}else{
62  				$_current = '';	
63  			}
64  			$class = ($current == 'categories' && $_current == $tab) ? ' nav-tab-active' : '';
65 echo "<a class='nav-tab$class' href='?page=" . $get_slug . "&tab=categories&cat_slug=$tab'><img ?>".$this->getLang($tab)."</a>";
66 } 67 }
@INLINE::/islamic-content-archive/views/layout/default.php /islamic-content-archive/views/layout/default.php:6 (show/hide source)
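<form method="post" action="<?php echo esc_url( admin_url( 'options-general.php?page='.ICA_Page_SLUG ) ); ?>">
<?php
	// Settings-page layout: nonce field, admin tabs, then the selected view.
	//
	// wp_nonce_field() echoes the hidden nonce/referer fields itself by default;
	// wrapping it in `echo` printed that markup twice.
	wp_nonce_field( "edc-settings-page" );

	// $mainViewFile is expected to be set by the code that includes this layout
	// (not visible here) — it is passed straight through to MainContent().
	$HtmlHelper = new html_helper();
	$HtmlHelper->ica_admin_tabs();
	$HtmlHelper->MainContent($mainViewFile);
?>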