By kannthu
The "Wordpress HB Audio Gallery Lite - Local File Inclusion" module is designed to detect a vulnerability in the WordPress HB Audio Gallery Lite plugin. This vulnerability allows an attacker to include local files from the server, potentially exposing sensitive information.
This module has a high severity level, indicating the potential impact of the vulnerability.
Author: dhiyaneshDK
If exploited, this vulnerability could allow an attacker to access sensitive files on the server, such as the wp-config.php file, which contains database credentials and other sensitive information. This could lead to further compromise of the WordPress installation and potentially the entire server.
The module sends a GET request to the "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php" endpoint with specific parameters that trigger the local file inclusion vulnerability. The parameters used are "file_path" and "file_size".
The module then checks the response body for the presence of specific keywords, such as "DB_NAME" and "DB_PASSWORD", which indicate the successful inclusion of sensitive information.
Additionally, the module verifies that the response status code is 200, ensuring that the vulnerable endpoint is accessible.
Example HTTP request:
GET /wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php?file_path=../../../../wp-config.php&file_size=10
The module matches the response body for the keywords "DB_NAME" and "DB_PASSWORD" and verifies that the response status code is 200.
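For defenders, the same request pattern can be searched for in web server access logs. The following is an added example, not part of the module or of Vidoc: it assumes Common/Combined Log Format, the function names are hypothetical, and the log lines (including the benign-looking `file_path` value) are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"
# Client IP, request target and status of a Common/Combined Log Format line (assumed format).
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample log lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php?file_path=../../../../wp-config.php&file_size=10 HTTP/1.1" 200 3120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php?file_path=%252e%252e%2f%252e%252e%2fwp-config.php&file_size=10 HTTP/1.1" 404 0',
    '203.0.113.5 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php?file_path=audio/track01.mp3&file_size=4096 HTTP/1.1" 200 4096',
    '203.0.113.5 - - [01/Jan/2024:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512',
]

def fully_unquote(value, rounds=3):
    """Percent-decode repeatedly so double-encoded sequences (%252e) are seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return a finding dict for a suspicious request to ENDPOINT, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if re.sub(r"/+", "/", fully_unquote(url.path)) != ENDPOINT:
        return None
    reasons = set()
    for raw in parse_qs(url.query, keep_blank_values=True).get("file_path", []):
        path = fully_unquote(raw).replace("\\", "/")
        if ".." in path.split("/"):
            reasons.add("traversal")
        if path.rsplit("/", 1)[-1].lower() == "wp-config.php":
            reasons.add("wp-config")
    if not reasons:
        return None
    # Status 200 is the condition the module also checks; flag it for triage priority.
    return {"ip": m["ip"], "status": int(m["status"]),
            "served": m["status"] == "200", "reasons": sorted(reasons)}

def scan(lines):
    """Classify every line and keep only the findings."""
    return [hit for hit in map(classify, lines) if hit]
```

A finding with `served` set to true warrants rotating the database credentials and secret keys stored in wp-config.php, since the access log alone cannot show what the response body contained.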
Reference: https://packetstormsecurity.com/files/136340/WordPress-HB-Audio-Gallery-Lit