Wordpress HB Audio Gallery Lite - Local File Inclusion

By kannthu

High
Vidoc Module
#wp #packetstorm #wordpress #wp-plugin #lfi
Description

What is "Wordpress HB Audio Gallery Lite - Local File Inclusion"?

The "Wordpress HB Audio Gallery Lite - Local File Inclusion" module is designed to detect a vulnerability in the WordPress HB Audio Gallery Lite plugin. This vulnerability allows an attacker to include local files from the server, potentially exposing sensitive information.

This module has a high severity level, indicating the potential impact of the vulnerability.

Author: dhiyaneshDK

Impact

If exploited, this vulnerability could allow an attacker to access sensitive files on the server, such as the wp-config.php file, which contains database credentials and other sensitive information. This could lead to further compromise of the WordPress installation and potentially the entire server.

How does the module work?

The module sends a GET request to the "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php" endpoint with specific parameters that trigger the local file inclusion vulnerability. The parameters used are "file_path" and "file_size".

The module then checks the response body for the presence of specific keywords, such as "DB_NAME" and "DB_PASSWORD", which indicate the successful inclusion of sensitive information.

Additionally, the module verifies that the response status code is 200, ensuring that the vulnerable endpoint is accessible.

Example HTTP request:

GET /wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php?file_path=../../../../wp-config.php&file_size=10

The module matches the response body for the keywords "DB_NAME" and "DB_PASSWORD" and verifies that the response status code is 200.
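
The same request pattern can be hunted for in web server access logs. This is an added example, not part of the Vidoc module or the original page: it flags requests to the endpoint above whose file_path value resolves to a traversal or to wp-config.php, decoding nested percent-encoding first. The Combined Log Format, the sample lines and the benign file_path value are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint and parameter named on this page.
ENDPOINT = "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"
PARAM = "file_path"
# Assumed log layout: Combined Log Format. Only request line and status are used.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so %252e%252e%252f is still seen as ../"""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return a finding dict for a suspicious request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    if fully_decode(parts.path).lower() != ENDPOINT:
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM, [])
    paths = [fully_decode(v).replace("\\", "/") for v in values]
    suspicious = [p for p in paths
                  if ".." in p.split("/") or p.lower().endswith("wp-config.php")]
    if not suspicious:
        return None
    # A 200 mirrors the module's status matcher: the file was likely served.
    return {"ip": m["ip"], "file_path": suspicious[0],
            "served": m["status"] == "200"}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php?file_path=../../../../wp-config.php&file_size=10 HTTP/1.1" 200 3120 "-" "-"',
    '198.51.100.23 - - [01/Jan/2024:10:00:05 +0000] "GET /wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php?file_path=%252e%252e%252f%252e%252e%252fwp-config.php&file_size=10 HTTP/1.1" 404 512 "-" "-"',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php?file_path=uploads/track01.mp3&file_size=2048 HTTP/1.1" 200 2048 "-" "-"',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "-"',
]
```

A finding with "served" set to True warrants rotating the database credentials and WordPress salts stored in wp-config.php.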

Reference:

- https://packetstormsecurity.com/files/136340/WordPress-HB-Audio-Gallery-Lit

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /wp-content/plugins/...
Matching conditions
word: DB_NAME, DB_PASSWORD
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability