By kannthu
The "WordPress Diarise 1.5.9 - Arbitrary File Retrieval" module is a test case designed to detect a local file retrieval vulnerability in the WordPress Diarise theme version 1.5.9. This vulnerability allows an attacker to retrieve arbitrary files from the server. The severity of this vulnerability is classified as high.
This module was authored by 0x_Akoko.
If successfully exploited, this vulnerability can expose sensitive information stored on the server, such as system files or configuration files. This information can be leveraged by attackers to gain unauthorized access or further exploit the system.
The module sends an HTTP GET request to the "/wp-content/themes/diarise/download.php?calendar=file:///etc/passwd" path. It then applies two matching conditions to determine if the vulnerability is present:
If both matching conditions are met, the module reports the vulnerability.
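On the defensive side, the same request pattern can be hunted for in web server logs. The following is an added example, not part of the Vidoc module or the original page: it scans access-log lines for requests to the path named above whose `calendar` parameter points at a local file, including URL-encoded and double-encoded forms. The log lines are constructed, and treating only http/https values as legitimate is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Theme endpoint named on this page.
ENDPOINT = "/wp-content/themes/diarise/download.php"
# Request part of a combined-format access log line: "METHOD target HTTP/x"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCHEME_RE = re.compile(r"^\s*([a-z][a-z0-9+.\-]*):", re.I)

def suspicious_calendar(value):
    """Return a reason string if the value looks like local file access, else None."""
    # Decode repeatedly so double-encoded values (file%253A...) are caught too.
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    m = SCHEME_RE.match(value)
    # Assumption: legitimate calendar values are http(s) URLs only.
    if m and m.group(1).lower() not in ("http", "https"):
        return "non-http scheme: " + m.group(1).lower()
    if value.startswith("/") or "../" in value or "..\\" in value:
        return "local path"
    return None

def scan(lines):
    """Return (line_number, reason) for every suspicious request to ENDPOINT."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if unquote(url.path).lower() != ENDPOINT:
            continue
        # parse_qs performs the first round of percent-decoding.
        for value in parse_qs(url.query, keep_blank_values=True).get("calendar", []):
            reason = suspicious_calendar(value)
            if reason:
                hits.append((n, reason))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-content/themes/diarise/download.php?calendar=file:///etc/passwd HTTP/1.1" 200 1432',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /wp-content/themes/diarise/download.php?calendar=file%253A%252F%252F%252Fetc%252Fpasswd HTTP/1.1" 200 1432',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-content/themes/diarise/download.php?calendar=https://example.org/cal.ics HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php?calendar=file:///etc/passwd HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A hit with a 200 response and a body size that differs from normal downloads is worth triaging first, since it suggests the file was actually returned.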
For more information, you can refer to the following sources:
- Packet Storm Security
- CXSecurity