nuclei-templates/vulnerabilities/wordpress/wordpress-accessible-wpconfig.yaml

id: wordpress-accessible-wpconfig

info:
  name: WordPress wp-config Detection
  author: Kiblyn11,zomsop82,madrobot,geeknik,daffainfo,r12w4n
  severity: medium
  description: WordPress `wp-config` was discovered. This file is remotely accessible and its content available for reading.
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cwe-id: CWE-200
  tags: wordpress,backup

requests:
  - method: GET
    path:
      - '{{BaseURL}}/wp-config.php'
      - '{{BaseURL}}/.wp-config.php.swp'
      - '{{BaseURL}}/wp-config-sample.php'
      - '{{BaseURL}}/wp-config.inc'
      - '{{BaseURL}}/wp-config.old'
      - '{{BaseURL}}/wp-config.txt'
      - '{{BaseURL}}/wp-config.php.txt'
      - '{{BaseURL}}/wp-config.php.bak'
      - '{{BaseURL}}/wp-config.php.old'
      - '{{BaseURL}}/wp-config.php.dist'
      - '{{BaseURL}}/wp-config.php.inc'
      - '{{BaseURL}}/wp-config.php.swp'
      - '{{BaseURL}}/wp-config.php.html'
      - '{{BaseURL}}/wp-config-backup.txt'
      - '{{BaseURL}}/wp-config.php.save'
      - '{{BaseURL}}/wp-config.php~'
      - '{{BaseURL}}/wp-config.php-backup'
      - '{{BaseURL}}/wp-config.php.orig'
      - '{{BaseURL}}/wp-config.php.original'
      - '{{BaseURL}}/_wpeprivate/config.json'

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "DB_NAME"
          - "DB_PASSWORD"
        part: body
        condition: and

      - type: status
        status:
          - 200

# Enhanced by mp on 2022/04/12