WordPress ChurcHope Theme <= 2.1 - Local File Inclusion

By kannthu

Severity: High
Vidoc Module
Tags: #wp #wpscan #wordpress #wp-theme #lfi
Description

What is the "WordPress ChurcHope Theme <= 2.1 - Local File Inclusion" module?

The "WordPress ChurcHope Theme <= 2.1 - Local File Inclusion" module is designed to detect a vulnerability in the ChurcHope WordPress theme version 2.1 or lower. This vulnerability is classified as CWE-22 and has a high severity level. The module aims to identify instances where an attacker can exploit a local file inclusion vulnerability in the ChurcHope theme.

Impact

If successfully exploited, the local file inclusion vulnerability in the ChurcHope theme can allow an attacker to access sensitive files on the server, such as the wp-config.php file. This file contains sensitive information, including database credentials (DB_NAME and DB_PASSWORD), which can be used to gain unauthorized access to the WordPress site and potentially compromise its security.

How does the module work?

The module sends an HTTP GET request to the following path: /wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php. It then applies two matching conditions to determine if the vulnerability is present:

    - The module checks the response body for the presence of the words "DB_NAME" and "DB_PASSWORD". If these words are found, it indicates that the wp-config.php file has been successfully included in the response.
    - The module also checks the HTTP response status code, expecting a 200 status code. If the response code is 200, it confirms that the vulnerable file has been accessed.

If both matching conditions are met, the module reports the vulnerability, indicating that the ChurcHope theme is susceptible to a local file inclusion attack.
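For defenders, the same request pattern can be hunted in web server access logs. The script below is an added example, not part of the Vidoc module: it flags requests to downloadlink.php whose file parameter contains a parent-directory segment or an absolute path. The Combined Log Format, the function names and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script path from this page; suffix match also covers WordPress in a subdirectory.
VULN_SUFFIX = "/wp-content/themes/churchope/lib/downloadlink.php"

# Combined Log Format (assumed): client IP, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def fully_decode(value, rounds=3):
    """Percent-decode until stable so nested encoding is normalized."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return (ip, file_value, verdict) for a suspicious request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    if not fully_decode(parts.path).lower().endswith(VULN_SUFFIX):
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get("file", []):
        value = fully_decode(raw).replace("\\", "/")
        # Assumption: legitimate download names never contain ".." or start with "/".
        if ".." in value.split("/") or value.startswith("/"):
            # The body is not logged; a 200 only meets the module's status condition.
            verdict = "returned_200" if m["status"] == "200" else "attempt"
            return (m["ip"], value, verdict)
    return None

def scan(lines):
    """Classify every log line and keep only the suspicious ones."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2024:10:00:01 +0000] "GET /wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php HTTP/1.1" 200 3120 "-" "scanner"',
    '203.0.113.7 - - [10/Jan/2024:10:00:02 +0000] "GET /blog/wp-content/themes/churchope/lib/downloadlink.php?file=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 403 199 "-" "scanner"',
    '198.51.100.20 - - [10/Jan/2024:10:05:00 +0000] "GET /wp-content/themes/churchope/lib/downloadlink.php?file=sermon-notes.pdf HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Jan/2024:10:05:03 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A "returned_200" verdict on a request for wp-config.php should be handled as a probable credential disclosure: rotate the database password and the keys stored in that file, then update or remove the theme.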

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /wp-content/themes/c...
Matching conditions
word: DB_NAME, DB_PASSWORD
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability