validate textfield contents
-
How to validate text field content, to make sure the content holds only characters from A-Z and a-z, to avoid SQL injection and other bad strings that might crash my site!!!
-
Please let us know where you find the validity issue with more details so we can investigate your test case and then fix it at our end.
Your contribution towards reporting the bug will be much appreciated and we will fix it after reproducing it at our end.
-
This reply was modified 8 years, 2 months ago by PressTigers.
Dears,
I have my own local project which has faced an issue with your plugin, but you can take this demo as an example: http://demo.presstigers.com/job-board-extensions/jobs/hr-assistant/
Well, on the above demo you could insert an SQL query like the following:
” ‘”^_ 1=1|| TRUE ” SELECT * FROM TABLE_USER “;”
which makes your website vulnerable. That type of attack is basic; it's called SQL injection. Kindly check it.
Best regards,
Mamoon Khaled Abuzaid.
Hello @mamoon15,
Sorry for the inconvenience.
Thanks for pointing out the issue. We will test this vulnerability at our end and then update you as well.
You can also drop us an email at [email protected] for personalized support regarding SJB.
Thanks again for your contribution towards bug reporting for Simple Job Board.
Best Regards,
Hello,
Thank you for the fast response.
I will be waiting for the update.
Best regards,
Mamoon Khaled
Please contact us at [email protected]; we want to communicate further regarding this issue.
Dears,
Kindly find my fix for this issue on Stack Overflow:
https://stackoverflow.com/questions/48486307/validate-textfield-contents-in-wordpress-simple-job-board-plugin/48690078#48690078
Best Regards,
Mamoon Khalid
Hello Mamoon,
Thank you for taking your time to investigate SJB vulnerabilities. I think there has been some misunderstanding regarding SQL injection on your part. First of all, we would like to say that the fields that you are claiming to be vulnerable are not directly used in any query. Please go to the following line to see exactly how the application fields are saved.
If you go to this block and see Line #198, which saves these fields, you can see that these fields are saved through add_post_meta after being sanitized by sanitize_text_field. The result of this process is that these fields are saved as just text strings after being properly processed as per WordPress standards.
The solution that you have provided in your StackOverflow answer is not applicable to this scenario. You may use it for your case, but it does not apply to the majority of SJB users. You are removing everything which is not alphanumeric. We have included application form fields to be used for any type of input that users want. They may need to enter special characters for that. Your solution renders anything that is not alphanumeric unable to be used. This will limit application fields' usage scope instead of making it safe. For example, email addresses have ( @ ) in them, which is a special character. Website URLs have ( : ) and ( / ) in them, which are special characters. After adding your code, users cannot gather the email address or URL from their applicants.
We are always trying to keep our plugin updated and regularly maintain it after WordPress updates. Having more than 10,000 active installs, we consider it our responsibility to keep our users safe from our side of the code. And just for your information, we would like to add that the WordPress team keeps an eye on the plugins for security too and keeps removing plugins having proven vulnerabilities.
If after going through these links you still think that there is a vulnerability, you are welcome to contact us through our support email ( [email protected] ). One of our technical representatives will entertain your email and will address any concern you may have.
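The contrast the reply above draws, as an added example that is not code from the Simple Job Board plugin or from either poster: an alphanumeric-only allowlist (my rendering of the approach the reply describes, not the Stack Overflow answer itself) mangles email addresses and URLs, whereas per-field WordPress sanitizers keep them, storage goes through add_post_meta, and any value that does reach a hand-written query is bound with $wpdb->prepare(). It assumes a loaded WordPress plugin context; the sjb_example_* function names and the jobapp_* meta keys are constructed.

```php
<?php
// Added example, not Simple Job Board code. Assumes WordPress is loaded
// (plugin context). Function names and meta keys are constructed.

// The alphanumeric-only allowlist the reply objects to: it strips the "@",
// ":" and "/" that legitimate applicant data contains.
function sjb_example_alnum_only( $value ) {
    return preg_replace( '/[^A-Za-z0-9]/', '', $value );
}

// Per-field handling instead: sanitize for storage, then validate by the
// field's declared type. Invalid input becomes a WP_Error, not a mangled value.
function sjb_example_clean_field( $type, $raw ) {
    $value = sanitize_text_field( wp_unslash( $raw ) );
    switch ( $type ) {
        case 'email':
            return is_email( $value ) ? $value : new WP_Error( 'bad_email', 'Invalid email address.' );
        case 'url':
            $url = esc_url_raw( $value );
            return '' !== $url ? $url : new WP_Error( 'bad_url', 'Invalid URL.' );
        default:
            return $value; // free text is stored as a plain string in postmeta
    }
}

// Storage path: add_post_meta() writes through $wpdb->insert(), so the text
// is passed as a bound value and never concatenated into SQL.
function sjb_example_save_field( $post_id, $type, $raw ) {
    $clean = sjb_example_clean_field( $type, $raw );
    if ( is_wp_error( $clean ) ) {
        return $clean;
    }
    return add_post_meta( $post_id, 'jobapp_' . $type, $clean, true );
}

// If a stored value is ever used in a hand-written query, bind it with
// $wpdb->prepare() rather than relying on input filtering.
function sjb_example_find_by_email( $email ) {
    global $wpdb;
    $sql = $wpdb->prepare(
        "SELECT post_id FROM {$wpdb->postmeta} WHERE meta_key = %s AND meta_value = %s",
        'jobapp_email',
        $email
    );
    return $wpdb->get_col( $sql );
}
```

Running sjb_example_alnum_only() on an applicant's email address drops the "@" and dots, while sjb_example_clean_field( 'email', ... ) returns the address intact or a WP_Error, which is the usability point the reply makes.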