2021-07-28 18:26:51 +00:00
id : wordpress-upload-data
2022-04-22 10:38:41 +00:00
2021-07-28 18:26:51 +00:00
info :
name : wordpress-upload-data
author : pussycat0x
severity : medium
2021-10-26 09:35:56 +00:00
description : The remote WordPress installation contains a file 'data.txt' under the '/wp-content/uploads/' folder that has sensitive information inside it.
2021-07-28 18:26:51 +00:00
reference : https://www.exploit-db.com/ghdb/7040
tags : wordpress,listing
2022-04-22 10:38:41 +00:00
2021-07-28 18:26:51 +00:00
requests :
- method : GET
path :
- "{{BaseURL}}/wp-content/uploads/data.txt"
2021-07-28 18:39:11 +00:00
2021-07-28 18:26:51 +00:00
matchers-condition : and
matchers :
- type : word
words :
2021-07-29 21:06:18 +00:00
- "admin:"
2021-07-28 18:39:11 +00:00
- type : word
part : header
words :
2021-07-29 21:06:18 +00:00
- "text/plain"
2021-07-28 18:39:11 +00:00
2021-07-28 18:26:51 +00:00
- type : status
status :
2021-07-28 18:39:11 +00:00
- 200