nuclei-templates/vulnerabilities/wordpress/wp-full-path-disclosure.yaml

20 lines
516 B
YAML
Raw Normal View History

2021-05-27 21:13:04 +00:00
id: wp-full-path-disclosure
2021-05-27 13:27:16 +00:00
info:
name: Wordpress Full Path Disclosure
author: arcc
severity: info
reference: https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#why-are-there-path-disclosures-when-directly-loading-certain-files
2021-05-27 21:13:04 +00:00
tags: debug,wordpress,fpd
2021-05-27 13:27:16 +00:00
requests:
- method: GET
path:
- "{{BaseURL}}/wp-includes/rss-functions.php"
matchers:
- type: word
words:
2021-05-27 21:13:04 +00:00
- 'Call to undefined function _deprecated_file()'
2021-05-27 13:27:16 +00:00
part: body