Broken nonce login check in v2.0.7

  • Resolved Alex Kladov

    (@prowebassist)


    3 years, 9 months ago

    I think I just discovered a bug, which you introduced in v2.0.7, when you published v2.0.7 security fix.

    You introduced this change right here. You changed the key from nonce to login-nonce & action string from quadmenu to quadmenu-login, but forgot to reflect that change during the security check in this file on line 102.

    I believe line 102 should be updated to this:

    
    if (!check_ajax_referer('quadmenu-login', 'login-nonce', false)) {

    I believe this causes the Quadmenu popup login box to no longer work.

    Also WARNING TO ANYONE ON QUADMENU v2.0.6 AND BELOW! DO NOT DOWNGRADE TO v2.0.7! There is a CRITICAL SECURITY VULNERABILITY present in Quadmenu versions below v2.0.7! Hundreds of websites just got hacked because of it (one of my clients did too). So UPGRADE to 2.0.7 IMMEDIATELY and wait for a fix to this problem. It’s better to have a broken login box, than to have your site gone/jeopardised completely.

    P.S. The security vulnerability you have in versions 2.0.6 and below – what a god damn mess! You allowed UNAUTHENTICATED USERS to upload PHP files directly to the server!!! Jesus Christ that is bad! A hacker could completely erase someone’s website that way (or just steal it entirely for blackmail purposes)! Please get a white hat hacker company to do a full security audit on your plugin’s code, if you can afford it! A vulnerability of this magnitude is absolutely unacceptable. Haven’t seen **** this bad for a loooooooooooooooooooooong time (if ever, tbh). Makes me wonder if I should keep using Quadmenu on any of my managed sites..

Viewing 1 replies (of 1 total)

  • hello mate

    we’ve update the nonce validation system to fix cache issues

    this issue should be solved too

    please test 2.0.8 and pro 1.9.1

Viewing 1 replies (of 1 total)
  • The topic ‘Broken nonce login check in v2.0.7’ is closed to new replies.