Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

WordPress NativeChurch Theme - Local File Inclusion

By kannthu

Vidoc logoVidoc Module

What is the "WordPress NativeChurch Theme - Local File Inclusion?"

The "WordPress NativeChurch Theme - Local File Inclusion" module is designed to detect a vulnerability in the NativeChurch WordPress theme. This vulnerability allows an attacker to include local files through the download.php file, potentially exposing sensitive information.

This module has a severity level of high, indicating the potential impact of the vulnerability.

This module was authored by 0x_Akoko.


If successfully exploited, the local file inclusion vulnerability in the NativeChurch theme can allow an attacker to access sensitive files on the server. This can lead to the exposure of database credentials and other confidential information stored in the wp-config.php file.

How the module works?

The module sends an HTTP GET request to the vulnerable endpoint:


The module then checks the response body for specific keywords, including "DB_NAME," "DB_PASSWORD," "DB_HOST," and "The base configurations of the WordPress." If any of these keywords are found, the module considers the vulnerability to be present.

By matching these keywords, the module can identify if the wp-config.php file is accessible and if sensitive information is at risk of exposure.

For more information about this vulnerability, you can refer to the following references:

- Packet Storm Security - WPScan

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
word: DB_NAME, DB_PASSWORD, DB_HOST, The base ...
Passive global matcher
No matching conditions.
On match action
Report vulnerability