Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

WordPress Diarise 1.5.9 - Arbitrary File Retrieval

By kannthu

Vidoc logoVidoc Module

What is the "WordPress Diarise 1.5.9 - Arbitrary File Retrieval?" module?

The "WordPress Diarise 1.5.9 - Arbitrary File Retrieval" module is a test case designed to detect a local file retrieval vulnerability in the WordPress Diarise theme version 1.5.9. This vulnerability allows an attacker to retrieve arbitrary files from the server. The severity of this vulnerability is classified as high.

This module was authored by 0x_Akoko.


If successfully exploited, this vulnerability can expose sensitive information stored on the server, such as system files or configuration files. This information can be leveraged by attackers to gain unauthorized access or further exploit the system.

How does the module work?

The module sends an HTTP GET request to the "/wp-content/themes/diarise/download.php?calendar=file:///etc/passwd" path. It then applies two matching conditions to determine if the vulnerability is present:

    - The first matching condition uses a regular expression to search for the string "root:[x*]:0:0" in the response. If this string is found, it indicates that the server's password file ("/etc/passwd") has been successfully retrieved. - The second matching condition checks if the HTTP response status code is 200, indicating a successful request.

If both matching conditions are met, the module reports the vulnerability.

For more information, you can refer to the following sources:

- Packet Storm Security - CXSecurity

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
regex: root:[x*]:0:0and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability