
WordPress Javo Spot Premium Theme - Unauthenticated Directory Traversal

By kannthu

High
Vidoc Module
#wordpress #backup #wpscan
Description

What is the "WordPress Javo Spot Premium Theme - Unauthenticated Directory Traversal"?

The "WordPress Javo Spot Premium Theme - Unauthenticated Directory Traversal" module is designed to detect a vulnerability in the WordPress Javo Spot Premium Theme. This vulnerability allows unauthenticated users to perform a directory traversal attack, which can lead to unauthorized access to sensitive files.

The severity of this vulnerability is classified as high, as it can potentially expose critical information stored in the WordPress configuration file.

This module was authored by dhiyaneshDk.

Impact

If exploited, this vulnerability can allow attackers to read the contents of the WordPress configuration file, which may contain sensitive information such as database credentials.

How does the module work?

The module sends an HTTP GET request to the "/wp-admin/admin-ajax.php" endpoint with specific parameters that trigger the directory traversal vulnerability. Here is an example of the request:

GET /wp-admin/admin-ajax.php?jvfrm_spot_get_json&fn=../../wp-config.php&callback=jQuery

The module then applies matching conditions to the response to determine if the vulnerability is present. The matching conditions include:

- The response body must contain the words "DB_NAME" and "DB_PASSWORD".
- The response status code must be 200.

If both conditions are met, the module reports the vulnerability.
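The same request pattern can be hunted for on the server side. The following is an added example, not part of the Vidoc module: it scans web access logs for requests to this endpoint whose `fn` parameter contains a traversal sequence, including percent-encoded and double-encoded forms. It assumes combined log format; the log lines are constructed samples and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2024:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?jvfrm_spot_get_json&fn=../../wp-config.php&callback=jQuery HTTP/1.1" 200 3120 "-" "curl/8.0"
203.0.113.5 - - [10/Jan/2024:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?jvfrm_spot_get_json&fn=%252e%252e%252f%252e%252e%252fwp-config.php&callback=x HTTP/1.1" 403 199 "-" "curl/8.0"
198.51.100.7 - - [10/Jan/2024:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?jvfrm_spot_get_json&fn=listing.json&callback=jQuery HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2024:10:00:04 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58 "-" "Mozilla/5.0"
"""

# client IP, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def fully_unquote(value, rounds=3):
    """Percent-decode repeatedly so double-encoded '../' is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_traversal_attempts(log_text):
    """Return one dict per request that hits the theme's JSON handler with a traversal in fn."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        # keep_blank_values keeps the value-less jvfrm_spot_get_json key
        params = parse_qs(url.query, keep_blank_values=True)
        if "jvfrm_spot_get_json" not in params:
            continue
        fn = fully_unquote(params.get("fn", [""])[0]).replace("\\", "/")
        if "../" in fn or fn.startswith("/"):
            # A 200 mirrors the module's status condition: the file may have been served
            hits.append({"ip": ip, "fn": fn, "status": int(status), "served_200": status == "200"})
    return hits

if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print(hit)
```

A hit with `served_200` set warrants checking whether the response contained configuration data and rotating the database credentials if it did.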

For more information about this vulnerability, you can refer to the following references:

- https://wpscan.com/vulnerability/2d465fc4-d4fa-43bb-9c0d-71dcc3ee4eab
- https://codeseekah.com/20

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /wp-admin/admin-ajax...
Matching conditions
word: DB_NAME, DB_PASSWORD (and)
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability