WordPress Core < 5.2.3 - Viewing Unauthenticated/Password/Private Posts
| EKU-ID: 51794 | CVE: CVE-2019-17671 | OSVDB-ID: |
| Author: Sebastian Neef | Published: 2019-10-14 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 51794 | CVE: CVE-2019-17671 | OSVDB-ID: |
| Author: Sebastian Neef | Published: 2019-10-14 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
So far we know that adding `?static=1` to a wordpress URL should leak its secret content Here are a few ways to manipulate the returned entries: - `order` with `asc` or `desc` - `orderby` - `m` with `m=YYYY`, `m=YYYYMM` or `m=YYYYMMDD` date format In this case, simply reversing the order of the returned elements suffices and `http://wordpress.local/?static=1&order=asc` will show the secret content: