.. / CVE-2015-5471

Exploit for Swim Team <= v1.44.10777 - Local File Inclusion (CVE-2015-5471)

Description:

The program /wp-swimteam/include/user/download.php allows unauthenticated attackers to retrieve arbitrary files from the system.

Nuclei Template

View the template here CVE-2015-5471.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2015/CVE-2015-5471.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2015-5471
http://michaelwalsh.org/blog/2015/07/wp-swimteam-v1-45-beta-3-now-available/
https://wpscan.com/vulnerability/b00d9dda-721d-4204-8995-093f695c3568
http://packetstormsecurity.com/files/132653/WordPress-WP-SwimTeam-1.44.10777-Arbitrary-File-Download.html
http://www.vapid.dhs.org/advisory.php?v=134