Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

WordPress Memphis Document Library 3.1.5 - Local File Inclusion

By kannthu

High
Vidoc logoVidoc Module
#wpscan#wordpress#wp-plugin#lfi#edb
Description

What is "WordPress Memphis Document Library 3.1.5 - Local File Inclusion?"

The "WordPress Memphis Document Library 3.1.5 - Local File Inclusion" module is designed to detect a vulnerability in the WordPress Memphis Document Library plugin version 3.1.5. This vulnerability allows an attacker to include local files on the server, potentially exposing sensitive information.

This module has a high severity level, indicating the potential impact of the vulnerability.

The original author of this module is 0x_Akoko.

Impact

A successful exploitation of the local file inclusion vulnerability in WordPress Memphis Document Library 3.1.5 can lead to unauthorized access to sensitive files on the server. This can include configuration files containing database credentials, potentially compromising the security of the WordPress installation.

How the module works?

The module sends HTTP requests to specific paths in the WordPress Memphis Document Library plugin, attempting to include the wp-config.php file located in parent directories. The requests are made using the GET method.

The module then applies matching conditions to the response to determine if the vulnerability is present. It checks if the response body contains the words "DB_NAME" and "DB_PASSWORD", indicating the presence of sensitive database information. Additionally, it verifies that the response status code is 200, confirming a successful request.

Here is an example of an HTTP request made by the module:

GET /mdocs-posts/?mdocs-img-preview=../../../wp-config.php

If the matching conditions are met, the module reports the vulnerability.

For more information, you can refer to the following references:

- https://www.exploit-db.com/exploits/39593 - https://wpscan.com/vuln

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/mdocs-posts/?mdocs-.../?mdocs-img-preview=...
Matching conditions
word: DB_NAME, DB_PASSWORDand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability