WordPress Church Admin 0.33.2.1 - Local File Inclusion

What is "WordPress Church Admin 0.33.2.1 - Local File Inclusion?"

The "WordPress Church Admin 0.33.2.1 - Local File Inclusion" module is designed to detect a vulnerability in the WordPress Church Admin plugin version 0.33.2.1. This vulnerability allows an attacker to include local files by exploiting the "key" parameter in the "plugins/church-admin/display/download.php" file. The severity of this vulnerability is classified as high.

This module was authored by 0x_Akoko.

Impact

A successful exploitation of this vulnerability can lead to unauthorized access to sensitive files on the server. This can potentially expose sensitive information, such as system configuration files or user credentials, to the attacker.

How the module works?

The module sends an HTTP GET request to the vulnerable endpoint:

/wp-content/plugins/church-admin/display/download.php?key=../../../../../../../etc/passwd

The module then applies two matching conditions:

- Regex Matcher: The response body is checked for the presence of the string "root:[x*]:0:0". If this string is found, it indicates that the module has successfully included the local file. - Status Matcher: The response status code is checked to ensure it is 200, indicating a successful request.

If both matching conditions are met, the module reports the vulnerability.

For more information, please refer to the official documentation.