WordPress Church Admin 0.33.2.1 - Local File Inclusion

By kannthu

Severity: High
Vidoc Module
Tags: #wordpress #wp-plugin #lfi #wpscan
Description

What is "WordPress Church Admin 0.33.2.1 - Local File Inclusion"?

The "WordPress Church Admin 0.33.2.1 - Local File Inclusion" module is designed to detect a vulnerability in the WordPress Church Admin plugin version 0.33.2.1. This vulnerability allows an attacker to include local files by exploiting the "key" parameter in the "plugins/church-admin/display/download.php" file. The severity of this vulnerability is classified as high.

This module was authored by 0x_Akoko.

Impact

Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files on the server, potentially exposing information such as system configuration files or user credentials to the attacker.

How does the module work?

The module sends an HTTP GET request to the vulnerable endpoint:

/wp-content/plugins/church-admin/display/download.php?key=../../../../../../../etc/passwd

The module then applies two matching conditions:

- Regex Matcher: The response body is checked against the regular expression "root:[x*]:0:0". A match indicates that the local file was included in the response.
- Status Matcher: The response status code is checked to ensure it is 200, indicating a successful request.

If both matching conditions are met, the module reports the vulnerability.
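
The module's probe leaves a recognisable trace in web server access logs, so the same signature can be hunted for on the defender's side. The following is an added example, not part of the Vidoc module or the plugin: it assumes Combined Log Format access logs, and the sample log lines, IP addresses and the `newsletter.pdf` value are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path suffix and parameter named on this page; suffix match covers subdirectory installs.
ENDPOINT = "plugins/church-admin/display/download.php"
PARAM = "key"

# Combined Log Format (assumed): ip - user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /wp-content/plugins/church-admin/display/download.php?key=../../../../../../../etc/passwd HTTP/1.1" 200 1532',
    '198.51.100.23 - - [10/Mar/2024:10:02:13 +0000] "GET /wp-content/plugins/church-admin/display/download.php?key=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 403 199',
    '198.51.100.23 - - [10/Mar/2024:10:02:14 +0000] "GET /blog/wp-content/plugins/church-admin/display/download.php?key=%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 153',
    '192.0.2.44 - - [10/Mar/2024:10:05:40 +0000] "GET /wp-content/plugins/church-admin/display/download.php?key=newsletter.pdf HTTP/1.1" 200 48211',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so a double-encoded ../ is still recognised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if any path segment of the decoded value is '..'."""
    return ".." in fully_decode(value).replace("\\", "/").split("/")

def scan(lines):
    """Return (ip, time, outcome, decoded key) for traversal requests to ENDPOINT."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a Combined Log Format line
        url = urlsplit(m["target"])
        if not fully_decode(url.path).endswith(ENDPOINT):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if is_traversal(value):
                # Status 200 means a file may have been returned: triage these first.
                outcome = "served" if m["status"] == "200" else "attempt"
                findings.append((m["ip"], m["ts"], outcome, fully_decode(value)))
    return findings
```

Calling `scan(SAMPLE_LOG)` returns three findings, one marked "served" and two marked "attempt"; the plain filename request is not flagged.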

For more information, please refer to the official documentation.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /wp-content/plugins/...
Matching conditions
regex: root:[x*]:0:0 and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability