
kk Star Ratings
Vulnerabilities (4 posts)

  1. tniessen
    Member
    Posted 1 year ago #

    Hello,

    we have used this plugin for some months now. It is doing a good job on our site and is stable.
    I stumbled over two problems today:

    1. This plugin is vulnerable to integer injections: It does not check the POST data in AJAX requests. It is possible to inject huge (both positive and negative) ratings through the 'stars' parameter.
    2. Your PHP code does not check the AJAX source IP. It just tells the browser not to allow rating more often than once. This allows an unlimited number of ratings.

    Both vulnerabilities allow setting a post's rating to any value. Combining them makes it even easier.

    Best regards
    tniessen

    http://wordpress.org/extend/plugins/kk-star-ratings/
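A server-side handler that closes both gaps tniessen reports, written as an added example rather than the plugin's own code. The hook name `kksr_ajax` and the `id`, `stars` and `_wpnonce` parameters are taken from the curl command later in this thread; the nonce action name (`kksr_nonce`), the `example_` function and the `_example_kksr_*` post-meta keys are assumptions made for the illustration.

```php
<?php
// Added example (not the kk Star Ratings plugin's own code): a hardened
// AJAX rating handler. Hook name and POST parameters come from the thread;
// the nonce action, function name and meta keys are assumptions.

add_action( 'wp_ajax_kksr_ajax',        'example_kksr_handle_rating' );
add_action( 'wp_ajax_nopriv_kksr_ajax', 'example_kksr_handle_rating' );

function example_kksr_handle_rating() {
    // Nonce check: rejects forged requests and ends the request on failure.
    check_ajax_referer( 'kksr_nonce', '_wpnonce' );

    // Issue #1 (integer injection): coerce to int and reject anything outside
    // 1..5 instead of storing whatever the client posted.
    $post_id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    $stars   = isset( $_POST['stars'] )
        ? filter_var( $_POST['stars'], FILTER_VALIDATE_INT,
                      array( 'options' => array( 'min_range' => 1, 'max_range' => 5 ) ) )
        : false;

    if ( ! $post_id || 'publish' !== get_post_status( $post_id ) ) {
        wp_send_json_error( 'invalid post', 400 );
    }
    if ( false === $stars ) {
        wp_send_json_error( 'stars must be an integer between 1 and 5', 400 );
    }

    // Issue #2 (repeat voting): enforce one vote per IP on the server.
    // The browser-side cookie is a convenience for the user, not a control.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
    if ( ! filter_var( $ip, FILTER_VALIDATE_IP ) ) {
        wp_send_json_error( 'could not determine client address', 400 );
    }
    // Store a keyed hash rather than the raw address so post meta is not a voter list.
    $voter = hash( 'sha256', $ip . wp_salt( 'nonce' ) );

    $voters = get_post_meta( $post_id, '_example_kksr_voters', true );
    if ( ! is_array( $voters ) ) {
        $voters = array();
    }
    if ( in_array( $voter, $voters, true ) ) {
        wp_send_json_error( 'already rated', 409 );
    }

    // Update the running total with the validated value only.
    $count = (int) get_post_meta( $post_id, '_example_kksr_count', true ) + 1;
    $total = (int) get_post_meta( $post_id, '_example_kksr_total', true ) + $stars;

    $voters[] = $voter;
    update_post_meta( $post_id, '_example_kksr_voters', $voters );
    update_post_meta( $post_id, '_example_kksr_count', $count );
    update_post_meta( $post_id, '_example_kksr_total', $total );

    wp_send_json_success( array(
        'average' => round( $total / $count, 2 ),
        'count'   => $count,
    ) );
}
```

Two caveats a reviewer would raise against this fix. A nonce proves the request came from a page the site served, not that it is the first vote: the curl command later in the thread reuses one `_wpnonce` freely, so the per-IP check is what actually limits repeat votes. And `REMOTE_ADDR` is the address of the nearest hop: behind a reverse proxy or CDN it must be mapped from the proxy's forwarded header under a trusted-proxy configuration, or every visitor shares the proxy's address and the check blocks all but the first vote.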

  2. tniessen
    Member
    Posted 1 year ago #

    Thanks for fixing #1! But I think it is still possible to rate an article several times from a single IP address:
    curl --data "action=kksr_ajax&id=$POST_ID&stars=$STARS&_wpnonce=$NONCE" $BLOG_URL/wp-admin/admin-ajax.php

  3. Kamal Khan
    Member
    Plugin Author

    Posted 1 year ago #

    I don't think so. I will dry run it again to check.

    What is happening right now is that the IP is stored in the DB as an array. If you try posting multiple times, it will fail because it will already find the IP in the array.

  4. Kamal Khan
    Member
    Plugin Author

    Posted 1 year ago #

    Okay, you are right. I thought of adding the check, but realize that it went past my head and was not implemented.

    Will be releasing a fix shortly.

    Thanks
