nuclei-templates/vulnerabilities/wordpress/wp-upload-data.yaml

30 lines
684 B
YAML
Raw Normal View History

2021-07-28 18:26:51 +00:00
id: wordpress-upload-data
2021-07-28 18:26:51 +00:00
info:
name: wordpress-upload-data
author: pussycat0x
severity: medium
2021-10-26 09:35:56 +00:00
description: The remote WordPress installation contains a file 'data.txt' under the '/wp-content/uploads/' folder that has sensitive information inside it.
2021-07-28 18:26:51 +00:00
reference: https://www.exploit-db.com/ghdb/7040
tags: wordpress,listing
2021-07-28 18:26:51 +00:00
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/uploads/data.txt"
2021-07-28 18:39:11 +00:00
2021-07-28 18:26:51 +00:00
matchers-condition: and
matchers:
- type: word
words:
2021-07-29 21:06:18 +00:00
- "admin:"
2021-07-28 18:39:11 +00:00
- type: word
part: header
words:
2021-07-29 21:06:18 +00:00
- "text/plain"
2021-07-28 18:39:11 +00:00
2021-07-28 18:26:51 +00:00
- type: status
status:
2021-07-28 18:39:11 +00:00
- 200