WordPress Aspose Words Exporter <2.0 - Local File Inclusion

By kannthu

High
Vidoc Module
#wordpress #wp-plugin #lfi #aspose #wpscan
Description

What is "WordPress Aspose Words Exporter <2.0 - Local File Inclusion"?

The "WordPress Aspose Words Exporter <2.0 - Local File Inclusion" module is designed to detect a vulnerability in the WordPress Aspose Words Exporter plugin. This vulnerability allows an attacker to perform a local file inclusion attack, potentially leading to unauthorized access to sensitive files.

The severity of this vulnerability is classified as high, with a CVSS score of 7.5. It is important to address this vulnerability promptly to prevent potential exploitation.

This module was authored by 0x_Akoko.

Impact

If successfully exploited, the local file inclusion vulnerability in the WordPress Aspose Words Exporter plugin can allow an attacker to access sensitive files on the server. This can include configuration files containing database credentials, potentially leading to further compromise of the WordPress installation.

How does the module work?

The module sends an HTTP GET request to the vulnerable endpoint:

/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php?file=../../../wp-config.php

The module then applies the following matching conditions:

- The response body must contain the words "DB_NAME" and "DB_PASSWORD".
- The response status code must be 200.

If both conditions are met, the module reports a vulnerability.

It is important to note that this module is part of a larger scanning process and is used to detect specific vulnerabilities or misconfigurations in WordPress installations.
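
A defender can look for the same request in web server logs. The following is an added example, not part of the Vidoc module or the original page: it scans access-log lines for requests to the endpoint above whose `file` parameter contains a `..` segment or an absolute path. The Combined Log Format, the function names and the sample lines are assumptions of the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint taken from the page; log format and sample lines are assumptions.
ENDPOINT = "/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def fully_unquote(value, rounds=3):
    """Undo nested percent-encoding so encoded dot segments are still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the file parameter is an absolute path or has a '..' segment."""
    norm = fully_unquote(value).replace("\\", "/")
    return norm.startswith("/") or ".." in norm.split("/")

def scan(lines):
    """Return (ip, file_param, status, likely_read) per suspicious request.

    likely_read is True for status 200, mirroring the module's status matcher.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if fully_unquote(url.path).lower() != ENDPOINT:
            continue
        status = int(m["status"])
        for value in parse_qs(url.query).get("file", []):
            if is_traversal(value):
                hits.append((m["ip"], fully_unquote(value), status, status == 200))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    f'203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET {ENDPOINT}?file=../../../wp-config.php HTTP/1.1" 200 3121',
    f'198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET {ENDPOINT}?file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 403 199',
    f'192.0.2.9 - - [01/Jan/2024:10:02:00 +0000] "GET {ENDPOINT}?file=report.doc HTTP/1.1" 200 20480',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A hit with status 200 only shows the request was served; confirm by checking whether the response size matches the size of `wp-config.php` and rotate the database credentials if it does.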

For more information about this vulnerability, you can refer to the following references:

- https://wpscan.com/vulnerability/7869
- https://wordpre

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /wp-content/plugins/...
Matching conditions
word: DB_NAME, DB_PASSWORD (and)
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability