Wordpress Aspose Cloud eBook Generator - Local File Inclusion

By kannthu

Severity: High
Vidoc Module
Tags: #aspose #ebook #wpscan #wordpress #wp-plugin
Description

What is the "Wordpress Aspose Cloud eBook Generator - Local File Inclusion" module?

The "Wordpress Aspose Cloud eBook Generator - Local File Inclusion" module is designed to detect a local file inclusion vulnerability in the WordPress Aspose Cloud eBook Generator plugin. The vulnerability allows an attacker to include local files from the server through the plugin. Its severity is classified as high.

Impact

If successfully exploited, this vulnerability can lead to unauthorized access to sensitive files on the server. An attacker could potentially gain access to database credentials, such as the database name and password, which can be used for further attacks or unauthorized access to the website.

How does the module work?

The module sends a GET request to the vulnerable endpoint:

/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php?file=../../../wp-config.php

The module then checks the response body for the presence of specific keywords, such as "DB_NAME" and "DB_PASSWORD", indicating that the wp-config.php file has been successfully included. Additionally, it verifies that the response status code is 200, confirming that the file inclusion was successful.

If both conditions are met, the module reports a vulnerability, indicating that the Wordpress Aspose Cloud eBook Generator plugin is vulnerable to local file inclusion.

Note: It is important to promptly update the plugin to the latest version or apply any available patches to mitigate this vulnerability.
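The same request pattern can be looked for from the defender's side in web server access logs. The sketch below is an added example, not part of the Vidoc module: it flags requests to the endpoint above whose file parameter contains parent-directory segments or an absolute path, including nested percent-encoding. It assumes Combined Log Format; the sample log lines and the benign file name are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and parameter name come from the module's request template.
ENDPOINT = "/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php"

# Assumes Combined Log Format: ip - user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e%252e) up to `rounds` times."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return None for unrelated lines, else a dict describing the request."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    if fully_decode(parts.path).lower() != ENDPOINT:
        return None
    raw = parse_qs(parts.query, keep_blank_values=True).get("file", [])
    files = [fully_decode(v).replace("\\", "/") for v in raw]
    # Flag parent-directory segments or absolute paths in the file parameter.
    if not any(".." in f.split("/") or f.startswith("/") for f in files):
        return None
    # Status 200 mirrors the module's matcher: content was probably returned.
    verdict = "investigate" if m["status"] == "200" else "attempt"
    return {"ip": m["ip"], "time": m["time"], "file": files, "verdict": verdict}

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation IPs); the benign file name is assumed.
SAMPLE_LOG = [
    f'203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET {ENDPOINT}?file=../../../wp-config.php HTTP/1.1" 200 3120',
    f'198.51.100.9 - - [12/Mar/2024:10:05:40 +0000] "GET {ENDPOINT}?file=%252e%252e%252fwp-config.php HTTP/1.1" 404 162',
    f'192.0.2.33 - - [12/Mar/2024:10:09:11 +0000] "GET {ENDPOINT}?file=my-ebook.epub HTTP/1.1" 200 48211',
    '192.0.2.33 - - [12/Mar/2024:10:09:12 +0000] "GET /index.php HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A hit with verdict "investigate" only means the server answered 200; the access log does not show whether the body contained DB_NAME and DB_PASSWORD, so treat it as a prompt to rotate the database credentials and review the host.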

Module preview

Concurrent Requests (1)

1. HTTP Request template
   GET /wp-content/plugins/...

   Matching conditions
   word: DB_NAME, DB_PASSWORD
   and
   status: 200

Passive global matcher
No matching conditions.

On match action
Report vulnerability