Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

WordPress Aspose PDF Exporter - Local File Inclusion

By kannthu

High
Vidoc logoVidoc Module
#aspose#packetstorm#wordpress#wp-plugin#lfi
Description

What is "WordPress Aspose PDF Exporter - Local File Inclusion?"

The "WordPress Aspose PDF Exporter - Local File Inclusion" module is designed to detect a vulnerability in the WordPress Aspose PDF Exporter plugin. This vulnerability allows an attacker to include local files from the server by exploiting a file path traversal vulnerability. The severity of this vulnerability is classified as high.

This module was authored by 0x_Akoko.

Impact

By exploiting the local file inclusion vulnerability in the WordPress Aspose PDF Exporter plugin, an attacker can gain unauthorized access to sensitive files on the server. This can lead to the exposure of sensitive information, such as database credentials, which can be used for further attacks.

How the module works?

The module sends an HTTP GET request to the vulnerable endpoint:

/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php?file=../../../wp-config.php

The module then checks the response body for the presence of specific keywords, such as "DB_NAME" and "DB_PASSWORD", indicating the successful inclusion of the wp-config.php file. Additionally, it verifies that the HTTP response status code is 200.

If both conditions are met, the module reports a vulnerability.

References:

- Packet Storm Security - WordPress Plugin Directory

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/wp-content/plugins/...
Matching conditions
word: DB_NAME, DB_PASSWORDand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability