diff --git a/wordpress-bricks-builder-theme-detect.yaml b/wordpress-bricks-builder-theme-detect.yaml
new file mode 100644
index 0000000000..ceba2ead00
--- /dev/null
+++ b/wordpress-bricks-builder-theme-detect.yaml
@@ -0,0 +1,31 @@
+id: wordpress-bricks-builder-theme-detect
+info:
+ name: Detect WordPress Bricks Builder Theme Version <= 1.9.6
+ author: yourname
+ severity: info
+ description: Checks for Bricks Builder Theme versions 1.9.6 and below.
+ reference:
+ - https://0day.today/exploit/description/39489
+ tags: wordpress,bricksbuilder,detection
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/themes/bricks/readme.txt"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "Bricks Builder"
+ part: body
+
+ - type: regex
+ regex:
+ - "Version\\s([0-1]\\.[0-8]\\.\\d+|1\\.9\\.[0-6])"
+ part: body
+ condition: or
+
+ - type: status
+ status:
+ - 200
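Review bot: The version regex in the second matcher is not bounded on the right, so a readme reporting a later release that merely begins with `1.9.6` (a fourth component, or `1.9.60`) still matches and is reported as <= 1.9.6; it also requires three components, so a two-part version such as `1.8` or `1.9` is missed. Something like `- "Version\\s([0-1]\\.[0-8](\\.\\d+)?|1\\.9(\\.[0-6])?)([^.\\d]|$)"` closes both gaps, assuming the readme really prints `Version` followed by a single whitespace character, which the diff does not show. The `condition: or` under that matcher has no effect with a single regex and can be dropped. Adding an `extractors` entry of `type: regex` for the version string would let triage confirm the finding from the scan output, and `author: yourname` looks like a placeholder left in.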