2022-09-08 13:28:46 +00:00
id : wordpress-upload-data
2022-04-22 10:38:41 +00:00
2022-09-08 13:28:46 +00:00
info :
name : wordpress-upload-data
author : pussycat0x
severity : medium
description : The remote WordPress installation contains a file 'data.txt' under the '/wp-content/uploads/' folder that has sensitive information inside it.
reference : https://www.exploit-db.com/ghdb/7040
tags : wordpress,listing
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2022-04-22 10:38:41 +00:00
2023-04-27 04:28:59 +00:00
http :
2022-09-08 13:28:46 +00:00
- method : GET
path :
- "{{BaseURL}}/wp-content/uploads/data.txt"
matchers-condition : and
matchers :
- type : word
words :
- "admin:"
- type : word
part : header
words :
- "text/plain"
- type : status
status :
- 200