• Hello,

    we have used this plugin for some months now. It is doing a good job on our site and is stable.
    I stumbled over two problems today:

    1. This plugin is vulnerable to integer injections: It does not check the POST data in AJAX requests. It is possible to inject huge (both positive and negative) ratings through the ‘stars’ parameter.
    2. Your PHP code does not check the AJAX source IP. It just tells the browser not to allow rating more often than once. This allows an unlimited number of ratings.

    Both vulnerabilities allow setting a post’s rating to any value. Combining them makes it even easier.

    Best regards
    tniessen

    http://wordpress.org/extend/plugins/kk-star-ratings/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter tniessen

    (@tniessen)

    Thanks for fixing #1! But I think it is still possible to rate an article several times from a single IP address:
    curl --data "action=kksr_ajax&id=$POST_ID&stars=$STARS&_wpnonce=$NONCE" $BLOG_URL/wp-admin/admin-ajax.php

    Plugin Contributor Kamal Khan

    (@bhittani)

    I don’t think so. I will dry run it again to check.

    What is happening right now is that the IP is stored in the DB as an array. If you try posting multiple times, it will fail because it will already find the IP in the array.
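    The two problems reported in the opening post (an unchecked ‘stars’ value and no server-side per-IP check) and the IP-array check described in the reply above, put together in one handler. This is an added example written for this thread, not the plugin’s own code: the action name ‘kksr_ajax’ and the POST fields id, stars and _wpnonce are taken from the curl command in the thread; the nonce action ‘kksr_nonce’, the meta keys ‘_kksr_ips’, ‘_kksr_ratings’ and ‘_kksr_casts’, and the 1–5 star range are assumptions.

```php
<?php
/*
 * Hypothetical hardened admin-ajax.php handler for a star-rating plugin.
 * Example code for this thread, not the plugin's own implementation.
 * Assumed names: nonce action 'kksr_nonce', meta keys '_kksr_ips',
 * '_kksr_ratings', '_kksr_casts', and a valid rating range of 1..5.
 */

// Register for both logged-in and anonymous visitors, as a public rating widget needs.
add_action( 'wp_ajax_kksr_ajax',        'kksr_example_handle_rating' );
add_action( 'wp_ajax_nopriv_kksr_ajax', 'kksr_example_handle_rating' );

function kksr_example_handle_rating() {
    // Reject requests whose nonce is missing or invalid (WordPress dies with -1).
    // A nonce proves the request came from a page we served; it is NOT single-use,
    // so it does nothing to stop the same visitor posting again and again.
    check_ajax_referer( 'kksr_nonce', '_wpnonce' );

    // Problem 1: validate the rating on the server. FILTER_VALIDATE_INT returns
    // false for non-integers and for values outside PHP's integer range, so a
    // huge positive or negative 'stars' value never reaches the arithmetic below.
    $post_id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    $stars   = isset( $_POST['stars'] )
        ? filter_var( $_POST['stars'], FILTER_VALIDATE_INT )
        : false;

    if ( ! $post_id || get_post_status( $post_id ) !== 'publish' ) {
        wp_send_json_error( 'invalid post' );
    }
    if ( false === $stars || $stars < 1 || $stars > 5 ) {
        wp_send_json_error( 'stars must be an integer from 1 to 5' );
    }

    // Problem 2: enforce "one rating per IP" on the server, not only in the browser.
    // The IP list lives in post meta as an array, as described in the reply above.
    $ip  = isset( $_SERVER['REMOTE_ADDR'] ) ? (string) $_SERVER['REMOTE_ADDR'] : '';
    $ips = get_post_meta( $post_id, '_kksr_ips', true );
    if ( ! is_array( $ips ) ) {
        $ips = array();
    }
    if ( '' === $ip || in_array( $ip, $ips, true ) ) {
        wp_send_json_error( 'this address has already rated this post' );
    }

    // Record the vote. Both counters are re-read here rather than trusted from the client.
    $ips[]   = $ip;
    $ratings = (int) get_post_meta( $post_id, '_kksr_ratings', true ) + $stars;
    $casts   = (int) get_post_meta( $post_id, '_kksr_casts', true ) + 1;

    update_post_meta( $post_id, '_kksr_ips', $ips );
    update_post_meta( $post_id, '_kksr_ratings', $ratings );
    update_post_meta( $post_id, '_kksr_casts', $casts );

    wp_send_json_success( array(
        'ratings' => $ratings,
        'casts'   => $casts,
        'avg'     => round( $ratings / $casts, 2 ),
    ) );
}
```

    Two caveats a reviewer would add. First, REMOTE_ADDR is the only address the server can trust; do not read X-Forwarded-For unless the site sits behind a proxy you control, because that header is attacker-supplied. Even then, a per-IP list only raises the cost of vote stuffing (one vote per address, NAT users share an address), it does not identify a person. Second, the read-check-write sequence above is not atomic: two requests from the same address arriving at once can both pass the in_array() check before either update lands, so a site that cares should take a lock or use a table with a unique (post_id, ip) key instead of a serialized array.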

    Plugin Contributor Kamal Khan

    (@bhittani)

    Okay, you are right. I thought of adding the check, but realize that it went past my head and was not implemented.

    Will be releasing a fix shortly.

    Thanks

  • The topic ‘Vulnerabilities’ is closed to new replies.