Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "WordPress Vault 0.8.6.6 - Local File Inclusion" module is designed to detect a vulnerability in the WordPress Vault plugin version 0.8.6.6. This vulnerability allows an attacker to include local files from the server, potentially leading to unauthorized access and information disclosure. The severity of this vulnerability is classified as high.
This module was authored by 0x_Akoko.
If successfully exploited, the local file inclusion vulnerability in WordPress Vault 0.8.6.6 can allow an attacker to access sensitive files on the server. This could include configuration files, user credentials, or other sensitive information. The unauthorized access to these files can lead to further exploitation and compromise of the affected system.
The module sends a specific HTTP request to the target WordPress site, attempting to exploit the local file inclusion vulnerability. The request path includes a parameter that traverses directories to access sensitive files, such as the "/etc/passwd" file.
The module then applies matching conditions to determine if the vulnerability is present. It checks if the response contains the string "root:.*:0:0:" (indicating the presence of the root user in the "/etc/passwd" file) and if the response status is 200 (indicating a successful request).
By analyzing the response and matching conditions, the module can determine if the WordPress Vault 0.8.6.6 plugin is vulnerable to local file inclusion.
For more information, you can refer to the exploit-db.com page.
Metadata: max-request: 1