Vendor: WordPress
By: John Doe
CVSS: 8.8 (HIGH)
URL Manipulation
CWE: 20
Product Name: WordPress
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: All
2020
WordPress URL Manipulation Vulnerability
WordPress websites are vulnerable to URL manipulation attacks that can be used to leak secret content. This is done by adding '?static=1' to a WordPress URL and then manipulating the returned entries with the 'order' parameter ('asc' or 'desc'), the 'orderby' parameter, and the 'm' date parameter in 'm=YYYY', 'm=YYYYMM' or 'm=YYYYMMDD' format.
Mitigation:
Ensure that all user-supplied input is properly validated and sanitized before being used in any URL.
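
A detection check for the request pattern described above, as an added example that is not part of the original advisory: it flags access-log requests whose query string carries 'static=1' and records which of 'order', 'orderby' and 'm' accompany it. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumed input: web server access log in combined format.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Date filter formats named in the advisory: YYYY, YYYYMM, YYYYMMDD.
M_RE = re.compile(r'\d{4}(\d{2}){0,2}')

def classify(target):
    """Return the advisory parameters seen alongside static=1, or None if static=1 is absent."""
    # parse_qs percent-decodes names and values, so encoded spellings are caught too.
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "1" not in query.get("static", []):
        return None
    hits = []
    if any(v.lower() in ("asc", "desc") for v in query.get("order", [])):
        hits.append("order")
    if "orderby" in query:
        hits.append("orderby")
    if any(M_RE.fullmatch(v) for v in query.get("m", [])):
        hits.append("m")
    return hits

def scan(lines):
    """Return (ip, target, params, status) for every logged request that uses static=1."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not parseable request entries
        params = classify(m.group("target"))
        if params is not None:
            findings.append((m.group("ip"), m.group("target"), params, int(m.group("status"))))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2020:10:00:00 +0000] "GET /?static=1&order=asc HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2020:10:00:02 +0000] "GET /?static=1&orderby=date&m=201912 HTTP/1.1" 200 4890',
    '198.51.100.4 - - [01/Jan/2020:10:01:00 +0000] "GET /?m=2019 HTTP/1.1" 200 7001',
    '198.51.100.9 - - [01/Jan/2020:10:02:00 +0000] "GET /?st%61tic=1&order=DESC HTTP/1.1" 200 300',
    '203.0.113.7 - - [01/Jan/2020:10:03:00 +0000] "GET /?static=1&m=20191301x HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for ip, target, params, status in scan(SAMPLE_LOG):
        print(f"{ip} {status} {target} params={params or ['static only']}")
```

A 200 response to a flagged request is the case worth reviewing first, since it means the server returned entries for the manipulated query.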