Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-39327 PoC — WordPress 插件 信息泄露漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-39327.yaml
Associated Vulnerability
Title:WordPress 插件 信息泄露漏洞 (CVE-2021-39327)
Description:WordPress 插件是WordPress开源的一个应用插件。 WordPress 插件 BulletProof Security 存在信息泄露漏洞,该漏洞源于WordPress的BulletProof Security插件很容易泄露敏感信息,因为在公开可访问的~ db backup log.txt文件中有一个文件路径泄露。攻击者可利用该漏洞除了可以获得数据库备份文件的路径外,还可以获得站点的完整路径。
Description
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.
File Snapshot

 id: CVE-2021-39327

info:
  name: WordPress BulletProof Security 5.1 Information Disclosure
  author

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.