WordPress Aspose PDF Exporter - Local File Inclusion

What is "WordPress Aspose PDF Exporter - Local File Inclusion?"

The "WordPress Aspose PDF Exporter - Local File Inclusion" module is designed to detect a vulnerability in the WordPress Aspose PDF Exporter plugin. This vulnerability allows an attacker to include local files from the server by exploiting a file path traversal vulnerability. The severity of this vulnerability is classified as high.

This module was authored by 0x_Akoko.

Impact

By exploiting the local file inclusion vulnerability in the WordPress Aspose PDF Exporter plugin, an attacker can gain unauthorized access to sensitive files on the server. This can lead to the exposure of sensitive information, such as database credentials, which can be used for further attacks.

How the module works?

The module sends an HTTP GET request to the vulnerable endpoint:

/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php?file=../../../wp-config.php

The module then checks the response body for the presence of specific keywords, such as "DB_NAME" and "DB_PASSWORD", indicating the successful inclusion of the wp-config.php file. Additionally, it verifies that the HTTP response status code is 200.

If both conditions are met, the module reports a vulnerability.

References: