daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/fuzzing/wordpress-weak-credentials....

48 lines
1.3 KiB
YAML
Raw Normal View History

Added WordPress Weak Credentials Detection
2021-08-23 11:50:33 +00:00
id: wordpress-weak-credentials
info:
Dashboard Content Enhancements (#4456) Dashboard Content Enhancements
2022-05-20 21:38:52 +00:00
name: WordPress - Weak Credentials
Added WordPress Weak Credentials Detection
2021-08-23 11:50:33 +00:00
author: evolutionsec
severity: critical
Dashboard Content Enhancements (#4456) Dashboard Content Enhancements
2022-05-20 21:38:52 +00:00
description: |
Weak WordPress Credentials were discovered.
reference:
- https://www.wpwhitesecurity.com/strong-wordpress-passwords-wpscan/
classification:
Dashboard Content Enhancements (#6613) Dashboard Content Enhancements
2023-01-24 16:21:18 +00:00
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
cvss-score: 9.3
cwe-id: CWE-1391
Added max request counter of each template
2023-04-28 08:11:21 +00:00
metadata:
max-request: 276
reverted bruteforce tags to fuzz
2024-03-19 15:20:31 +00:00
tags: wordpress,default-login,fuzz
Added WordPress Weak Credentials Detection
2021-08-23 11:50:33 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-04-27 04:28:59 +00:00
http:
Added WordPress Weak Credentials Detection
2021-08-23 11:50:33 +00:00
- raw:
misc update
2021-08-23 11:52:29 +00:00
- |
POST /wp-login.php HTTP/1.1
Host: {{Hostname}}
Origin: {{BaseURL}}
Content-Type: application/x-www-form-urlencoded
Referer: {{BaseURL}}
Added WordPress Weak Credentials Detection
2021-08-23 11:50:33 +00:00
misc update
2021-08-23 11:52:29 +00:00
log={{users}}&pwd={{passwords}}
Added WordPress Weak Credentials Detection
2021-08-23 11:50:33 +00:00
payloads:
users: helpers/wordlists/wp-users.txt
passwords: helpers/wordlists/wp-passwords.txt
attack: clusterbomb
Added stop-at-first-match in applicable templates
2021-09-02 11:59:10 +00:00
stop-at-first-match: true
templateman update
2023-10-14 11:27:55 +00:00
Added WordPress Weak Credentials Detection
2021-08-23 11:50:33 +00:00
matchers-condition: and
matchers:
- type: word
Dashboard Content Enhancements (#4456) Dashboard Content Enhancements
2022-05-20 21:38:52 +00:00
part: header
Added WordPress Weak Credentials Detection
2021-08-23 11:50:33 +00:00
words:
- '/wp-admin'
- 'wordpress_logged_in'
condition: and
Dashboard Content Enhancements (#4456) Dashboard Content Enhancements
2022-05-20 21:38:52 +00:00
- type: status
status:
- 302
Auto Template Signing [Tue Mar 19 16:40:41 UTC 2024] :robot:
2024-03-19 16:40:41 +00:00
# digest: 490a0046304402200c1408ee282f07a88d599b6e9e31b0bdb3d2e4fd0f027c30193d370a45b896ff022066ac3030dc876bd69dd867e59e9e985c250becbe504d1274ce392ae5436e1758:922c64590222798bb761d5b6d8e72950