wordpress-upload-data: wordpress-upload-data

Date: 2025-08-01 | Affected software: wordpress-upload-data | PoC: public

Vulnerability description

The remote WordPress installation contains a file 'data.txt' under the '/wp-content/uploads/' folder that has sensitive information inside it.

PoC code [public]

id: wordpress-upload-data

info:
  name: wordpress-upload-data
  author: pussycat0x
  severity: medium
  description: The remote WordPress installation contains a file 'data.txt' under the '/wp-content/uploads/' folder that has sensitive information inside it.
  reference:
    - https://www.exploit-db.com/ghdb/7040
  metadata:
    max-request: 1
  tags: wordpress,listing,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/uploads/data.txt"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "admin:"

      - type: word
        part: header
        words:
          - "text/plain"

      - type: status
        status:
          - 200
# digest: 490a004630440220432e37581c1a3606b5d121414234742f90edaf33014d1d19a8f3a242f501369c02203eb22ac0606210d97a7a3e5242cf7be9ea389f238344f052caf9324e70d32a3f:922c64590222798bb761d5b6d8e72950
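
A server-side counterpart to the template's check, added here as an example and not part of the original page or the template author's code: it walks a local uploads directory and reports text-like files containing the template's `admin:` marker, going beyond the single `data.txt` path the template requests. The extension list, function names and sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

MARKER = b"admin:"  # body word from the template's first matcher
# Assumption: extensions a web server commonly serves as text/plain.
TEXT_EXTS = {".txt", ".log", ".csv"}

def audit_uploads(uploads_dir, marker=MARKER, max_bytes=1_000_000):
    """Return sorted relative paths of text-like files that contain marker."""
    hits = []
    for root, _dirs, files in os.walk(uploads_dir):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TEXT_EXTS:
                continue  # the template only matches text/plain responses
            path = os.path.join(root, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes)  # cap the read for large files
            except OSError:
                continue  # unreadable file: skip it rather than abort the audit
            if marker in data:
                rel = os.path.relpath(path, uploads_dir)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)

def build_sample_tree(base):
    """Create a constructed uploads tree (sample data, not real content)."""
    uploads = os.path.join(base, "wp-content", "uploads")
    os.makedirs(os.path.join(uploads, "2025", "08"))
    samples = {
        "data.txt": "admin:EXAMPLE-PLACEHOLDER\n",
        "2025/08/notes.txt": "meeting notes\n",
        "2025/08/export.csv": "user,role\nadmin:editor\n",
        "2025/08/photo.jpg": "admin: inside a non-text file\n",
    }
    for rel, body in samples.items():
        with open(os.path.join(uploads, *rel.split("/")), "w") as fh:
            fh.write(body)
    return uploads

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in audit_uploads(build_sample_tree(tmp)):
            print("exposed candidate:", hit)
```

Files reported this way should be moved out of the web root or blocked at the web server, since anything under `/wp-content/uploads/` is normally reachable without authentication.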
