漏洞描述
The WordPress plugin "Enable Media Replace" (enable-media-replace) bundles a ShortPixel-based logger that writes a plugin-specific log file into the WordPress uploads directory, typically as `wp-content/uploads/EnableMediaReplace.log`.
wp-enable-media-replace-log: WordPress Plugin Enable Media Replace - Log File Exposure
PoC代码[已公开]
id: wp-enable-media-replace-log
info:
name: WordPress Plugin Enable Media Replace - Log File Exposure
author: DhiyaneshDk
severity: medium
description: |
The WordPress plugin "Enable Media Replace" (enable-media-replace) bundles a ShortPixel-based logger that writes a plugin-specific log file into the WordPress uploads directory, typically as `wp-content/uploads/EnableMediaReplace.log`.
reference:
- https://wordpress.org/plugins/enable-media-replace/
metadata:
verified: true
max-request: 1
fofa-query: body="/plugins/enable-media-replace/"
tags: wordpress,wp,wp-plugin,enable-media-replace,log,exposure
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/uploads/EnableMediaReplace.log"
matchers:
- type: dsl
dsl:
- 'contains_all(body, "Deprecated", "enable-media-replace")'
- 'status_code == 200'
condition: and
# digest: 4a0a00473045022100ed1c0846857e679e6655628f44e8cbc0f998e48722a8b52121674b82916904b102200241ed69accc533d6c0e89e42c1af8c7bc9972947ba81f1f852b52606c0f6a0d:922c64590222798bb761d5b6d8e72950