Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

WordPress Javo Spot Premium Theme - Local File Inclusion

By kannthu

Vidoc logoVidoc Module

What is the "WordPress Javo Spot Premium Theme - Local File Inclusion?"

The "WordPress Javo Spot Premium Theme - Local File Inclusion" module is designed to detect a vulnerability in the WordPress Javo Spot Premium Theme. This vulnerability allows remote unauthenticated attackers to access locally stored files and retrieve their contents. The severity of this vulnerability is classified as high, with a CVSS score of 7.5.

This module was authored by 0x_Akoko.


If exploited, this vulnerability can lead to unauthorized access to sensitive files stored on the server. Attackers can potentially retrieve sensitive information such as database credentials, which can be used for further attacks or unauthorized access to the WordPress site.

How the module works?

The module sends an HTTP GET request to the "/wp-admin/admin-ajax.php" endpoint with specific parameters that trigger the local file inclusion vulnerability. Here is an example of the request:

GET /wp-admin/admin-ajax.php?jvfrm_spot_get_json&fn=../../wp-config.php&callback=jQuery

The module then applies matching conditions to the response to determine if the vulnerability is present. The matching conditions include:

- Checking if the response body contains the strings "DB_NAME" and "DB_PASSWORD". - Verifying that the response status code is 200.

If both conditions are met, the module reports the vulnerability.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability