Foot in mouth, I meant to spell that vulnerability. lol.
I’m seeing some very weird code especially the $private_key which you have included, however I will say this.
Thank you for attempting to contact the vendor.
However, your solution is not ideal.
Line 52 in your doc:
! $wpcf_easyform_formid=substr($wpcf_easyform_formid,2);
Should be:
$wpcf_easyform_formid = intval($_POST['wpcf_easyform_formid']);
And line 51 is redundant and can now be removed.
For those who don't understand diff and want to fix this:
in easy-form.class.php
look for:
$form = $wpdb->get_results("SELECT * FROM $table_name WHERE ID = ".$_POST['wpcf_easyform_formid']);
Change to:
$wpcf_easyform_formid = intval($_POST['wpcf_easyform_formid']);
$form = $wpdb->get_results("SELECT * FROM $table_name WHERE ID = ".$wpcf_easyform_formid);
Next search for:
WHERE form_id = ".$_POST['wpcf_easyform_formid']."
replace with:
WHERE form_id = ".$wpcf_easyform_formid."
Cheers,
Steven Roddis
intval() allows whatever the max of an int is for your version of PHP and platform as the number of forms.
This is obviously a disposable account, if anyone needs to contact me further. Google me.
FYI: I haven't reviewed the plugin, nor am I the author.
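To make the fix above concrete, here is an added, stand-alone PHP example (not the plugin's code and not written by anyone in this thread) that builds the same query string both ways: the original concatenation of the raw $_POST value, and the intval() version, plus a positive-integer check so that a non-numeric id (which intval() turns into 0) is rejected instead of silently querying ID = 0. The table name and the sample POST values are constructed for the demonstration; no database connection is needed, the functions only return the SQL text so the difference is visible.

```php
<?php
// Added example: vulnerable vs. hardened construction of the easy-form query.
// Assumes a $_POST-style array and a table name; both are constructed below.

declare(strict_types=1);

// Vulnerable: the raw POST string is concatenated straight into the SQL text,
// so whatever the client sent becomes part of the query.
function build_query_vulnerable(array $post, string $table_name): string
{
    return "SELECT * FROM $table_name WHERE ID = " . $post['wpcf_easyform_formid'];
}

// Hardened: coerce the id to an integer before it touches the SQL text.
// intval() keeps only a leading integer ("7x" -> 7), returns 0 for input with
// no leading digits, and clamps to PHP_INT_MAX on overflow (the size caveat
// raised above). Rejecting 0 and negatives catches garbage input explicitly.
function form_id_from_post(array $post): int
{
    $id = intval($post['wpcf_easyform_formid'] ?? 0);
    if ($id <= 0) {
        throw new InvalidArgumentException('wpcf_easyform_formid must be a positive integer');
    }
    return $id;
}

function build_query_hardened(array $post, string $table_name): string
{
    $wpcf_easyform_formid = form_id_from_post($post);
    return "SELECT * FROM $table_name WHERE ID = " . $wpcf_easyform_formid;
}

// Constructed inputs standing in for $_POST (table name is made up as well).
$table_name = 'wp_easyform_forms';
$inputs = [
    ['wpcf_easyform_formid' => '7'],             // well-formed id
    ['wpcf_easyform_formid' => '7 extra text'],  // digits followed by junk
    ['wpcf_easyform_formid' => 'abc'],           // no digits at all
];

foreach ($inputs as $post) {
    echo "input: ", var_export($post['wpcf_easyform_formid'], true), "\n";
    echo "  vulnerable: ", build_query_vulnerable($post, $table_name), "\n";
    try {
        echo "  hardened:   ", build_query_hardened($post, $table_name), "\n";
    } catch (InvalidArgumentException $e) {
        echo "  hardened:   rejected (", $e->getMessage(), ")\n";
    }
}
```

Run it with `php example.php`: the vulnerable line echoes the junk into the query text, while the hardened line either carries a bare integer or refuses the request. Inside WordPress the idiomatic equivalent is `$wpdb->get_results($wpdb->prepare("SELECT * FROM $table_name WHERE ID = %d", $wpcf_easyform_formid))`, where the `%d` placeholder performs the same integer coercion and keeps the value out of the string concatenation altogether.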
Right on, thank you. That is great. The original plugin.zip file code can be found at exploit-db @ http://www.exploit-db.com/application/17980 This afternoon the plugin was removed from the site. I don't understand why, but that intval() is a great add, thanks for educating me 🙂
@skrapsrwt you actually helped me with that DoS code in your PoC for something else I'm pen-testing. Let's call it even 🙂
@henrisalo no, it's not the same plugin