The attacker might not have any user-level access to the web application. However, this does not mean that the application cannot be attacked remotely: Local File Inclusion vulnerabilities can be triggered even by unauthenticated users.
In the exercise below, the attacker is unauthenticated to the web application and needs to find a local file inclusion attack to access sensitive files from the server.
WordPress is a free and open-source, full-featured CMS for hosting blogs and web portals. It is based on PHP and MySQL and is one of the most popular CMSs.
WordPress Site Editor Plugin (1.1.1) is vulnerable to Local File Inclusion, documented as CVE-2018-7422.
Objective: Your task is to find and exploit this vulnerability.
Level difficulty: Easy
Category: Webapps CVEs > Local File Inclusion
The lab started with a real copy of a default WordPress installation with one additional plugin which is vulnerable to Local File Inclusion.
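From the defender's side, unauthenticated file-inclusion attempts against a plugin leave traces in the web server's access log. The following is an added example, not part of the original write-up or the lab: a triage script that flags requests to plugin PHP scripts whose query parameters decode to a filesystem path. It assumes the path travels in a query-string parameter; the log lines, the plugin directory, the script name and the parameter name are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines (combined log format). "example-plugin",
# "render.php" and "tpl" are hypothetical placeholders, not the real plugin's names.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:01:02 +0000] "GET /wp-content/plugins/example-plugin/inc/render.php?tpl=/etc/passwd HTTP/1.1" 200 1423 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:01:09 +0000] "GET /wp-content/plugins/example-plugin/inc/render.php?tpl=..%252f..%252f..%252fetc%252fpasswd HTTP/1.1" 200 1423 "-" "curl/8.0"
198.51.100.4 - - [10/Mar/2024:10:02:30 +0000] "GET /wp-content/plugins/example-plugin/inc/render.php?tpl=header HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2024:10:02:31 +0000] "GET /?s=passwd+file+format HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)
# Only PHP scripts that live inside a plugin directory are in scope.
PLUGIN_SCRIPT_RE = re.compile(r"^/wp-content/plugins/[^/]+/.*\.php$", re.I)
# Absolute Unix path, Windows drive path, or directory traversal.
# This is a triage heuristic: a legitimate absolute-path parameter also matches.
PATH_LIKE_RE = re.compile(r"^/|^[A-Za-z]:[\\/]|\.\.[\\/]")


def fully_decode(value, rounds=3):
    """Undo repeated URL-encoding (e.g. %252f -> %2f -> /)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_lfi_candidates(log_text):
    """Return (ip, status, script, param, decoded_value) for suspicious requests."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not PLUGIN_SCRIPT_RE.match(url.path):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            decoded = fully_decode(value)
            if PATH_LIKE_RE.search(decoded):
                hits.append((m.group("ip"), int(m.group("status")), url.path, name, decoded))
    return hits


if __name__ == "__main__":
    for hit in find_lfi_candidates(SAMPLE_LOG):
        print(hit)
```

The status code is kept in each hit so that requests answered with 200 can be reviewed first.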
After searching the internet for CVE-2018-7422 exploits, I discovered the following resource:
In order to retrieve the /etc/passwd file contents, I used the following payload: