File Shared < 1.6.48 (WordPress Plugin) — Sensitive Data Exposure: MySQL version, environment, and more

Luth1er
Oct 19, 2023

File Shared Plugin

Shared Files provides an interface for uploading and managing a large group of documents and files easily with numerous layout options and shortcodes for inserting downloadable files anywhere on the website.

When we try to upload an unauthorized file, the plugin core stores sensitive database information such as the MySQL version, environment information, userid, user_session, ip, and ua (browser information).

https://wordpress.org/plugins/shared-files/ (+ 2.000 Downloads)

Steps To Reproduce:

  1. Log in with an Administrator / Contributor / Editor account.
  2. Go to the Shared File page: /wp-admin/edit.php?post_type=shared_file
  3. Upload an unauthorized file such as anyscript.py and intercept this request with BurpSuite.
  4. View the page source or the Burp response.

More Details:

File that causes this error: "/var/www/wordpress/wp-includes/class-wp-hook.php" Class: "WP_HOOK" Function: "apply_filters()"

(Plugin) Decalog-Console: WordPress Details

```
[2021-07-03 04:42:36] WFRONT NOTICE     UID:000000 WordPress: User logged-in: luth1er (user ID 1).
[2021-07-03 04:44:00] WBACK INFO UID:000001 WordPress: Post updated: “asa“ (post ID 106) by luth1er (user ID 1).
[2021-07-03 04:44:00] WBACK CRITICAL UID:000001 WordPress: Sorry, this file type is not permitted for security reasons.
[2021-07-03 04:44:00] WBACK CRITICAL UID:000001 MySQL compatible: A database error was detected during the page rendering: “Table `wordpress.wp_comments` doesn`t exist“ in the query “SELECT comment_approved, COUNT( * ) AS totalFROM wp_commentsGROUP BY comment_approved“.
[2021-07-03 04:54:29] WBACK INFO WP_Hook::apply_filters() in ./wp-includes/class-wp-hook.php:292
[2021-07-03 04:54:29] WBACK CRITICAL wp_die() in ./wp-includes/functions.php:3421
[2021-07-03 04:54:29] WBACK CRITICAL WP_Hook::apply_filters() in ./wp-includes/class-wp-hook.php:290
```

(Plugin) Decalog-Console: PHP Introspection

```
[2021-07-03 04:42:41] WBACK  CRITICAL   UID:000001 MySQL compatible: A database error was detected during the page rendering: “Table `wordpress.wp_comments` doesn`t exist“ in the query “SELECT comment_approved, COUNT( * ) AS num_comments FROM wp_comments WHERE comment_type != “edd_payment_note“ GROUP BY comm…
[2021-07-03 04:42:41] WBACK CRITICAL UID:000001 MySQL compatible: A database error was detected during the page rendering: “Table `wordpress.wp_comments` doesn`t exist“ in the query “SELECT wp_comments.comment_ID FROM wp_comments WHERE ( ( comment_approved = `0` OR comment_approved = `1` ) ) AND comment_typ…
[2021-07-03 04:42:53] WBACK CRITICAL UID:000001 MySQL compatible: A database error was detected during the page rendering: “Table `wordpress.wp_comments` doesn`t exist“ in the query “SELECT comment_approved, COUNT( * ) AS totalFROM wp_commentsGROUP BY comment_approved“.
[2021-07-03 04:43:03] WBACK CRITICAL UID:000001 MySQL compatible: A database error was detected during the page rendering: “Table `wordpress.wp_comments` doesn`t exist“ in the query “SELECT comment_approved, COUNT( * ) AS totalFROM wp_commentsGROUP BY comment_approved“.
```
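A regression check for the behaviour described above, as an added example that is not part of the original write-up or the plugin's code: it scans a response body, such as the one captured in step 4, for the kinds of internals this post lists. The regexes, the `find_leaks` and `is_clean` names and both sample bodies are constructed for illustration.

```python
import re

# Indicator regexes are assumptions for this example, modelled on the kinds of
# data the write-up lists (DB version, server paths, PHP frames, session fields).
LEAK_PATTERNS = {
    "server_path": re.compile(r"(?:/var/www|/home|/srv)/[\w./-]+\.php"),
    "php_frame": re.compile(r"\b\w+(?:::|->)\w+\(\) in \S+\.php:\d+"),
    "sql_error": re.compile(r"Table\s+\S+\s+doesn\S?t exist", re.I),
    "db_version": re.compile(r"\b(?:MySQL|MariaDB)\b[^<\n]{0,40}?\d+\.\d+\.\d+", re.I),
    "session_field": re.compile(r"\b(?:user_session|userid)\b", re.I),
}

# Constructed sample bodies (not captured from a real site).
LEAKY_BODY = """<p>Sorry, this file type is not permitted for security reasons.</p>
<pre>WP_Hook::apply_filters() in /var/www/wordpress/wp-includes/class-wp-hook.php:292
MySQL version: 8.0.0
userid=1 user_session=EXAMPLE ip=192.0.2.10 ua=ExampleBrowser/1.0</pre>"""
CLEAN_BODY = "<p>Sorry, this file type is not permitted for security reasons.</p>"


def find_leaks(body):
    """Return {category: sorted unique snippets} found in a response body."""
    hits = {}
    for name, pattern in LEAK_PATTERNS.items():
        found = sorted({m.group(0) for m in pattern.finditer(body)})
        if found:
            hits[name] = found
    return hits


def is_clean(body):
    """True when the body shows none of the indicators above."""
    return not find_leaks(body)


if __name__ == "__main__":
    for label, body in (("leaky", LEAKY_BODY), ("clean", CLEAN_BODY)):
        print(label, find_leaks(body))
```

After upgrading the plugin, the rejected-upload response should contain only the generic "file type is not permitted" message, so `is_clean` should return `True` for it.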

Contributor Profile:

Luth1er

Application Security Engineer, Purple Team, Cyber Security Researcher