Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-6715 PoC — WordPress W3 Total Cache插件信息泄露漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-6715.yaml
Associated Vulnerability
Title:WordPress W3 Total Cache插件信息泄露漏洞 (CVE-2019-6715)
Description:WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。W3 Total Cache plugin是使用在其中的一个SEO(搜索引擎优化)插件。 WordPress W3 Total Cache插件0.9.4之前版本中的pub/sns.php文件存在信息泄露漏洞。该漏洞源于网络系统或产品在运行过程中存在配置等错误。未授权的攻击者可利用漏洞获取受影响组件敏感信息。
Description
WordPress plugin W3 Total Cache before version 0.9.4 allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data via pub/sns.php.
File Snapshot

 id: CVE-2019-6715

info:
  name: W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read / Director

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.