nuclei-templates/http/vulnerabilities/wordpress/wp-yoast-user-enumeration.yaml

id: wp-yoast-user-enumeration

info:
  name: WordPress Yoast SEO Plugin -  User Enumeration
  author: FLX
  severity: info
  reference:
    - https://developer.yoast.com/features/xml-sitemaps/functional-specification/
  metadata:
    verified: true
    max-request: 1
    google-query: inurl:"/author-sitemap.xml"
  tags: wp,wp-plugin,wordpress,username,disclosure

http:
  - raw:
      - |
        @timeout: 15s
        GET /author-sitemap.xml HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<?xml"
          - "<lastmod>"
          - "<loc>"
        condition: and

      - type: word
        part: header
        words:
          - "application/xml"
          - "text/xml"

      - type: status
        status:
          - 200
# digest: 490a00463044022047ff660cb9bf3356e8492c2525614a375bb960108ec4935be7d35cde6224149202203d96ace3f2c72c5618a2af1c6138367709ce3adfd90f34ab3eda2f35d82ff160:922c64590222798bb761d5b6d8e72950
Update wordpress-yoast-seo-user-enumeration.yaml 2023-10-08 08:20:56 +00:00			`id: wp-yoast-user-enumeration`
implement wordpress-yoast-seo-user-enumeration 2023-10-05 16:44:32 +00:00
			`info:`
Update wordpress-yoast-seo-user-enumeration.yaml 2023-10-08 08:20:56 +00:00			`name: WordPress Yoast SEO Plugin - User Enumeration`
implement wordpress-yoast-seo-user-enumeration 2023-10-05 16:44:32 +00:00			`author: FLX`
			`severity: info`
Update wordpress-yoast-seo-user-enumeration.yaml 2023-10-08 08:20:56 +00:00			`reference:`
			`- https://developer.yoast.com/features/xml-sitemaps/functional-specification/`
implement wordpress-yoast-seo-user-enumeration 2023-10-05 16:44:32 +00:00			`metadata:`
Update wordpress-yoast-seo-user-enumeration.yaml 2023-10-08 08:20:56 +00:00			`verified: true`
templateman update 2023-10-14 11:27:55 +00:00			`max-request: 1`
misc metadata update 2024-01-19 05:41:43 +00:00			`google-query: inurl:"/author-sitemap.xml"`
Update wordpress-yoast-seo-user-enumeration.yaml 2023-10-08 08:20:56 +00:00			`tags: wp,wp-plugin,wordpress,username,disclosure`
implement wordpress-yoast-seo-user-enumeration 2023-10-05 16:44:32 +00:00
			`http:`
Update wordpress-yoast-seo-user-enumeration.yaml 2023-10-08 08:20:56 +00:00			`- raw:`
			`- \|`
			`@timeout: 15s`
			`GET /author-sitemap.xml HTTP/1.1`
			`Host: {{Hostname}}`
fix some linting stuff 2023-10-05 17:53:02 +00:00
implement wordpress-yoast-seo-user-enumeration 2023-10-05 16:44:32 +00:00			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
Update wordpress-yoast-seo-user-enumeration.yaml 2023-10-08 08:20:56 +00:00			`words:`
			`- "<?xml"`
			`- "<lastmod>"`
			`- "<loc>"`
			`condition: and`
implement wordpress-yoast-seo-user-enumeration 2023-10-05 16:44:32 +00:00
			`- type: word`
Update wordpress-yoast-seo-user-enumeration.yaml 2023-10-08 08:20:56 +00:00			`part: header`
implement wordpress-yoast-seo-user-enumeration 2023-10-05 16:44:32 +00:00			`words:`
Update wordpress-yoast-seo-user-enumeration.yaml 2023-10-08 08:20:56 +00:00			`- "application/xml"`
			`- "text/xml"`

			`- type: status`
			`status:`
			`- 200`
Auto Template Signing [Fri Jan 19 08:44:19 UTC 2024] :robot: 2024-01-19 08:44:19 +00:00			`# digest: 490a00463044022047ff660cb9bf3356e8492c2525614a375bb960108ec4935be7d35cde6224149202203d96ace3f2c72c5618a2af1c6138367709ce3adfd90f34ab3eda2f35d82ff160:922c64590222798bb761d5b6d8e72950`