WordPress Amministrazione Aperta 3.7.3 - Local File Inclusion

What is "WordPress Amministrazione Aperta 3.7.3 - Local File Inclusion?"

The "WordPress Amministrazione Aperta 3.7.3 - Local File Inclusion" module is designed to detect a vulnerability in the WordPress Amministrazione Aperta plugin version 3.7.3. This vulnerability allows an attacker to include local files on the server, potentially leading to unauthorized access or information disclosure. The severity of this vulnerability is classified as high.

This module was authored by daffainfo and Splint3r7.

Impact

If successfully exploited, the local file inclusion vulnerability in WordPress Amministrazione Aperta 3.7.3 can allow an attacker to access sensitive files on the server. This could include configuration files, user credentials, or other sensitive information. The impact of this vulnerability depends on the specific files that can be accessed and the privileges of the compromised user.

How does the module work?

The module sends an HTTP GET request to the vulnerable plugin's dispatcher.php file, with a specific parameter that allows the inclusion of arbitrary files. The module then uses matching conditions to determine if the vulnerability is present.

For example, the module checks if the response contains the string "root:[x*]:0:0", which indicates the presence of the root user's entry in the /etc/passwd file. Additionally, it verifies that the HTTP response status is 200, indicating a successful request.

By analyzing the response and matching conditions, the module can determine if the WordPress Amministrazione Aperta 3.7.3 plugin is vulnerable to local file inclusion.

Reference:

- https://www.exploit-db.com/exploits/50838

- https://wordpr