nuclei-templates/http/vulnerabilities/wordpress/wordpress-wp-cron.yaml

40 lines
1.2 KiB
YAML
Raw Normal View History

2022-03-23 16:35:01 +00:00
id: wordpress-wp-cron
info:
name: Wordpress wp-cron.php DOS
author: pathtaga
2022-03-24 09:19:46 +00:00
severity: info
2022-03-23 16:35:01 +00:00
description: When this file is accessed a heavy MySQL query is performed, so it could be used by attackers to cause a DoS.
reference:
- https://book.hacktricks.xyz/pentesting/pentesting-web/wordpress
2022-03-24 09:19:46 +00:00
- https://medium.com/@thecpanelguy/the-nightmare-that-is-wpcron-php-ae31c1d3ae30
2022-03-24 10:53:59 +00:00
tags: wordpress,cron,wp,dos
metadata:
max-request: 2
2022-03-23 16:35:01 +00:00
http:
2022-03-24 09:19:46 +00:00
- method: GET
path:
2022-03-24 10:50:45 +00:00
- "{{BaseURL}}"
2022-03-24 09:19:46 +00:00
- "{{BaseURL}}/wp-cron.php"
2022-03-23 16:35:01 +00:00
2022-03-24 10:50:45 +00:00
req-condition: true
2022-03-24 09:19:46 +00:00
matchers-condition: and
matchers:
2022-03-24 10:50:45 +00:00
- type: dsl
dsl:
- (regex("<link[^>]+s\d+\.wp\.com",body_1))
- (regex("<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -",body_1))
- (regex("<!--[^>]+WP-Super-Cache",body_1))
- contains(body_1, "/wp-content/themes/")
- contains(body_1, "/wp-includes/")
- contains(body_1, 'name=\"generator\" content=\"wordpress')
- contains(body_1, '<!-- performance optimized by w3 total cache.')
condition: or
2022-03-24 12:53:32 +00:00
- type: dsl
dsl:
- "len(body_2) == 0"
- "status_code_2 == 200"
- "contains(content_type_2, 'text/html')"