By kannthu
The "WordPress Download Shortcode 0.2.3 - Local File Inclusion" module is designed to detect a local file inclusion vulnerability in the WordPress Download Shortcode plugin version 0.2.3. This vulnerability allows an attacker to include local files from the server by exploiting insufficient input sanitization. The severity of this vulnerability is classified as high, with a CVSS score of 7.5.
This module was authored by dhiyaneshDK.
Successful exploitation of the local file inclusion vulnerability in the WordPress Download Shortcode plugin can lead to unauthorized access to sensitive files on the server. This can expose sensitive information, such as database credentials, which can then be used in further attacks.
The module sends an HTTP GET request to the "/wp-content/force-download.php?file=../wp-config.php" path, attempting to include the "wp-config.php" file from the parent directory. It then applies two matching conditions:
If both conditions are met, the module reports a vulnerability.
This module is part of the Vidoc platform, which uses multiple modules to scan and test for misconfigurations, vulnerabilities, and software fingerprints.
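For defenders reviewing their own access logs, the following added example (not part of the Vidoc module or the original page) flags requests to the endpoint named above whose `file` parameter resolves outside the script's directory. It also covers percent-encoded and double-encoded forms, which goes beyond the single literal path the module sends. The log lines are constructed, and the combined log format and the `BASE_DIR` value are assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Client IP, request target, status and size from a combined-format log line.
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" '
                    r'(?P<status>\d{3}) (?P<size>\d+|-)')
ENDPOINT = "/wp-content/force-download.php"  # path named on the page
BASE_DIR = "/wp-content"                     # assumption: directory the script serves from

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-content/force-download.php?file=../wp-config.php HTTP/1.1" 200 3120',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /wp-content/force-download.php?file=%252e%252e%252fwp-config.php HTTP/1.1" 403 0',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-content/force-download.php?file=uploads/report.pdf HTTP/1.1" 200 88211',
    '198.51.100.4 - - [01/Jan/2024:10:01:05 +0000] "GET /index.php HTTP/1.1" 200 512',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %252e) up to a bounded depth."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return None for unrelated lines, else details of the download request."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if posixpath.normpath(fully_decode(url.path)) != ENDPOINT:
        return None
    raw = parse_qs(url.query, keep_blank_values=True).get("file", [""])[0]
    name = fully_decode(raw).replace("\\", "/")
    # Resolve the name the way a filesystem would; absolute names replace the base.
    resolved = posixpath.normpath(posixpath.join(BASE_DIR, name))
    escapes = not resolved.startswith(BASE_DIR + "/")
    # A 200 with a body is not proof of disclosure, only a reason to triage first.
    triage = escapes and m["status"] == "200" and m["size"] not in ("-", "0")
    return {"ip": m["ip"], "file": name, "resolved": resolved,
            "traversal": escapes, "triage_first": triage}

def findings(lines):
    """Requests whose file parameter resolves outside BASE_DIR."""
    return [r for r in map(classify, lines) if r and r["traversal"]]

if __name__ == "__main__":
    for hit in findings(SAMPLE_LOG):
        print(hit)
```

Entries with `triage_first` set returned a non-empty 200 response and should be reviewed before the blocked or failed attempts.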