nuclei-templates/vulnerabilities/wordpress/wordpress-accessible-wpconf...

id: wordpress-accessible-wpconfig
info:
  name: WordPress accessible wp-config
  author: Kiblyn11,zomsop82,madrobot,geeknik,daffainfo,r12w4n
  severity: high
  description: The remote WordPress installation has the `wp-config` file remotely accessible and its content available for reading.
  tags: wordpress,backup

requests:
  - method: GET
    path:
      - '{{BaseURL}}/wp-config.php'
      - '{{BaseURL}}/.wp-config.php.swp'
      - '{{BaseURL}}/wp-config-sample.php'
      - '{{BaseURL}}/wp-config.inc'
      - '{{BaseURL}}/wp-config.old'
      - '{{BaseURL}}/wp-config.txt'
      - '{{BaseURL}}/wp-config.php.txt'
      - '{{BaseURL}}/wp-config.php.bak'
      - '{{BaseURL}}/wp-config.php.old'
      - '{{BaseURL}}/wp-config.php.dist'
      - '{{BaseURL}}/wp-config.php.inc'
      - '{{BaseURL}}/wp-config.php.swp'
      - '{{BaseURL}}/wp-config.php.html'
      - '{{BaseURL}}/wp-config-backup.txt'
      - '{{BaseURL}}/wp-config.php.save'
      - '{{BaseURL}}/wp-config.php~'
      - '{{BaseURL}}/wp-config.php-backup'
      - '{{BaseURL}}/wp-config.php.orig'
      - '{{BaseURL}}/wp-config.php.original'
      - '{{BaseURL}}/_wpeprivate/config.json'

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "DB_NAME"
          - "DB_PASSWORD"
        part: body
        condition: and

      - type: status
        status:
          - 200
add wp-config file misconfig detection 2020-08-12 08:15:34 +00:00			`id: wordpress-accessible-wpconfig`
			`info:`
			`name: WordPress accessible wp-config`
Update wordpress-accessible-wpconfig.yaml 2021-09-30 17:45:18 +00:00			`author: Kiblyn11,zomsop82,madrobot,geeknik,daffainfo,r12w4n`
add wp-config file misconfig detection 2020-08-12 08:15:34 +00:00			`severity: high`
Add description 2021-10-25 09:52:58 +00:00			description: The remote WordPress installation has the `wp-config` file remotely accessible and its content available for reading.
Update wordpress-accessible-wpconfig.yaml 2021-10-05 12:32:50 +00:00			`tags: wordpress,backup`
Added tags to wordpress templates. 2021-02-05 09:23:55 +00:00
add wp-config file misconfig detection 2020-08-12 08:15:34 +00:00			`requests:`
			`- method: GET`
			`path:`
			`- '{{BaseURL}}/wp-config.php'`
Update wordpress-accessible-wpconfig.yaml 2021-02-22 02:51:01 +00:00			`- '{{BaseURL}}/.wp-config.php.swp'`
add wp-config file misconfig detection 2020-08-12 08:15:34 +00:00			`- '{{BaseURL}}/wp-config-sample.php'`
Update wordpress-accessible-wpconfig.yaml 2021-02-22 02:51:01 +00:00			`- '{{BaseURL}}/wp-config.inc'`
			`- '{{BaseURL}}/wp-config.old'`
			`- '{{BaseURL}}/wp-config.txt'`
add wp-config file misconfig detection 2020-08-12 08:15:34 +00:00			`- '{{BaseURL}}/wp-config.php.txt'`
			`- '{{BaseURL}}/wp-config.php.bak'`
			`- '{{BaseURL}}/wp-config.php.old'`
Update wordpress-accessible-wpconfig.yaml 2021-02-22 02:51:01 +00:00			`- '{{BaseURL}}/wp-config.php.dist'`
			`- '{{BaseURL}}/wp-config.php.inc'`
			`- '{{BaseURL}}/wp-config.php.swp'`
			`- '{{BaseURL}}/wp-config.php.html'`
add wp-config file misconfig detection 2020-08-12 08:15:34 +00:00			`- '{{BaseURL}}/wp-config-backup.txt'`
Update wordpress-accessible-wpconfig.yaml Add a few additional paths 2020-08-15 15:19:40 +00:00			`- '{{BaseURL}}/wp-config.php.save'`
			`- '{{BaseURL}}/wp-config.php~'`
Update wordpress-accessible-wpconfig.yaml 2021-09-30 17:45:18 +00:00			`- '{{BaseURL}}/wp-config.php-backup'`
Update wordpress-accessible-wpconfig.yaml Add a few additional paths 2020-08-15 15:19:40 +00:00			`- '{{BaseURL}}/wp-config.php.orig'`
			`- '{{BaseURL}}/wp-config.php.original'`
Update wordpress-accessible-wpconfig.yaml 2020-08-12 14:51:27 +00:00			`- '{{BaseURL}}/_wpeprivate/config.json'`
Added stop-at-first-match in applicable templates 2021-09-02 11:59:10 +00:00
			`stop-at-first-match: true`
Update wordpress-accessible-wpconfig.yaml Add status matcher 2020-09-14 16:39:39 +00:00			`matchers-condition: and`
add wp-config file misconfig detection 2020-08-12 08:15:34 +00:00			`matchers:`
			`- type: word`
			`words:`
Update wordpress-accessible-wpconfig.yaml 2021-10-05 12:32:50 +00:00			`- "DB_NAME"`
			`- "DB_PASSWORD"`
add wp-config file misconfig detection 2020-08-12 08:15:34 +00:00			`part: body`
Update wordpress-accessible-wpconfig.yaml 2021-10-05 12:32:50 +00:00			`condition: and`

Update wordpress-accessible-wpconfig.yaml Add status matcher 2020-09-14 16:39:39 +00:00			`- type: status`
			`status:`
			`- 200`