By kannthu
The "WordPress Aspose PDF Exporter - Local File Inclusion" module is designed to detect a vulnerability in the WordPress Aspose PDF Exporter plugin. The flaw is a file path traversal that allows an attacker to include local files from the server. The severity of this vulnerability is classified as high.
This module was authored by 0x_Akoko.
By exploiting the local file inclusion vulnerability in the WordPress Aspose PDF Exporter plugin, an attacker can gain unauthorized access to sensitive files on the server. This can lead to the exposure of sensitive information, such as database credentials, which can be used for further attacks.
The module sends an HTTP GET request to the vulnerable endpoint:
/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php?file=../../../wp-config.php
The module then checks the response body for the presence of specific keywords, such as "DB_NAME" and "DB_PASSWORD", indicating the successful inclusion of the wp-config.php file. Additionally, it verifies that the HTTP response status code is 200.
If both conditions are met, the module reports a vulnerability.
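The same two conditions can be checked from the defender's side in web server access logs. The following is an added example, not part of the Vidoc module: it assumes Combined Log Format, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

SCRIPT = "aspose_pdf_exporter_download.php"  # script name from the endpoint above
ENDPOINT = "/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/" + SCRIPT

# Combined Log Format prefix: ip - - [time] "METHOD target HTTP/x" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def is_traversal(value):
    """True if a file value climbs out of its directory or is an absolute path."""
    for _ in range(3):  # undo nested percent-encoding before inspecting
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    normalized = value.replace("\\", "/")
    return normalized.startswith("/") or ".." in normalized.split("/")

def scan(lines):
    """Return one finding per request to the plugin script with a traversing file value."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/" + SCRIPT):
            continue
        for value in parse_qs(url.query).get("file", []):  # parse_qs decodes once
            if is_traversal(value):
                # status 200 mirrors the module's second condition: triage these first
                findings.append({"ip": m["ip"], "time": m["time"], "file": value,
                                 "status_200": m["status"] == "200"})
    return findings

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    f'203.0.113.7 - - [10/Mar/2024:10:01:02 +0000] "GET {ENDPOINT}?file=../../../wp-config.php HTTP/1.1" 200 3120',
    f'203.0.113.7 - - [10/Mar/2024:10:01:05 +0000] "GET {ENDPOINT}?file=..%2F..%2Fwp-config.php HTTP/1.1" 404 512',
    f'198.51.100.4 - - [10/Mar/2024:10:02:11 +0000] "GET {ENDPOINT}?file=report.pdf HTTP/1.1" 200 88211',
    '198.51.100.9 - - [10/Mar/2024:10:03:40 +0000] "GET /index.php?file=../x HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A finding with `status_200` set only shows that the server answered the request; confirming exposure still means checking whether the response contained wp-config.php, and rotating the database credentials if it did.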
References:
- Packet Storm Security
- WordPress Plugin Directory