generic improvements
parent
97aa239d52
commit
43dccef185
|
@ -6,10 +6,12 @@ info:
|
||||||
description: Searches for sensitive directories present in the wordpress-plugins plugin.
|
description: Searches for sensitive directories present in the wordpress-plugins plugin.
|
||||||
reference: https://www.exploit-db.com/ghdb/6455
|
reference: https://www.exploit-db.com/ghdb/6455
|
||||||
tags: wordpress,listing,wp-plugin
|
tags: wordpress,listing,wp-plugin
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/wp-content/plugins/easy-media-gallery-pro/"
|
- "{{BaseURL}}/wp-content/plugins/easy-media-gallery-pro/"
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
|
|
|
@ -3,7 +3,7 @@ id: wordpress-bbpress-plugin-listing
|
||||||
info:
|
info:
|
||||||
name: WordPress bbPress Plugin Directory Listing
|
name: WordPress bbPress Plugin Directory Listing
|
||||||
author: dhiyaneshDK
|
author: dhiyaneshDK
|
||||||
severity: low
|
severity: info
|
||||||
description: Searches for sensitive directories present in the bbpress wordpress plugin.
|
description: Searches for sensitive directories present in the bbpress wordpress plugin.
|
||||||
reference: https://www.exploit-db.com/ghdb/6158
|
reference: https://www.exploit-db.com/ghdb/6158
|
||||||
tags: wordpress,listing
|
tags: wordpress,listing
|
||||||
|
@ -12,6 +12,7 @@ requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/wp-content/plugins/bbpress/"
|
- "{{BaseURL}}/wp-content/plugins/bbpress/"
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
|
|
|
@ -10,6 +10,7 @@ requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/wp-content/debug.log"
|
- "{{BaseURL}}/wp-content/debug.log"
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
|
@ -18,10 +19,12 @@ requests:
|
||||||
- text/plain
|
- text/plain
|
||||||
part: header
|
part: header
|
||||||
condition: or
|
condition: or
|
||||||
|
|
||||||
- type: regex
|
- type: regex
|
||||||
regex:
|
regex:
|
||||||
- "[[0-9]{2}-[a-zA-Z]{3}-[0-9]{4} [0-9]{2}:[0-9]{2}:[0-9]{2} [A-Z]{3}] PHP"
|
- "[[0-9]{2}-[a-zA-Z]{3}-[0-9]{4} [0-9]{2}:[0-9]{2}:[0-9]{2} [A-Z]{3}] PHP"
|
||||||
part: body
|
part: body
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
|
@ -13,11 +13,13 @@ requests:
|
||||||
- "{{BaseURL}}/wp-content/themes/"
|
- "{{BaseURL}}/wp-content/themes/"
|
||||||
- "{{BaseURL}}/wp-content/plugins/"
|
- "{{BaseURL}}/wp-content/plugins/"
|
||||||
- "{{BaseURL}}/wp-includes/"
|
- "{{BaseURL}}/wp-includes/"
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- Index of /
|
- "Index of /"
|
||||||
|
|
|
@ -3,7 +3,7 @@ id: wordpress-elementor-plugin-listing
|
||||||
info:
|
info:
|
||||||
name: WordPress Elementor Plugin Directory Listing
|
name: WordPress Elementor Plugin Directory Listing
|
||||||
author: dhiyaneshDK
|
author: dhiyaneshDK
|
||||||
severity: low
|
severity: info
|
||||||
description: Searches for sensitive directories present in the elementor wordpress plugin.
|
description: Searches for sensitive directories present in the elementor wordpress plugin.
|
||||||
reference: https://www.exploit-db.com/ghdb/6297
|
reference: https://www.exploit-db.com/ghdb/6297
|
||||||
tags: wordpress,listing
|
tags: wordpress,listing
|
||||||
|
@ -12,6 +12,7 @@ requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/wp-content/plugins/elementor/"
|
- "{{BaseURL}}/wp-content/plugins/elementor/"
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
|
|
|
@ -3,7 +3,7 @@ id: wordpress-gtranslate-plugin-listing
|
||||||
info:
|
info:
|
||||||
name: WordPress gtranslate Plugin Directory Listing
|
name: WordPress gtranslate Plugin Directory Listing
|
||||||
author: dhiyaneshDK
|
author: dhiyaneshDK
|
||||||
severity: low
|
severity: info
|
||||||
description: Searches for sensitive directories present in the gtranslate wordpress plugin.
|
description: Searches for sensitive directories present in the gtranslate wordpress plugin.
|
||||||
reference: https://www.exploit-db.com/ghdb/6160
|
reference: https://www.exploit-db.com/ghdb/6160
|
||||||
tags: wordpress,listing
|
tags: wordpress,listing
|
||||||
|
@ -12,6 +12,7 @@ requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/wp-content/plugins/gtranslate/"
|
- "{{BaseURL}}/wp-content/plugins/gtranslate/"
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
|
|
|
@ -3,7 +3,7 @@ id: wordpress-redirection-plugin-listing
|
||||||
info:
|
info:
|
||||||
name: WordPress Redirection Plugin Directory Listing
|
name: WordPress Redirection Plugin Directory Listing
|
||||||
author: dhiyaneshDk
|
author: dhiyaneshDk
|
||||||
severity: low
|
severity: info
|
||||||
description: Searches for sensitive directories present in the wordpress-redirection plugin.
|
description: Searches for sensitive directories present in the wordpress-redirection plugin.
|
||||||
reference: https://www.exploit-db.com/ghdb/6436
|
reference: https://www.exploit-db.com/ghdb/6436
|
||||||
tags: wordpress,listing
|
tags: wordpress,listing
|
||||||
|
|
|
@ -3,7 +3,7 @@ id: wordpress-woocommerce-listing
|
||||||
info:
|
info:
|
||||||
name: WordPress Woocommerce Plugin Directory Listing
|
name: WordPress Woocommerce Plugin Directory Listing
|
||||||
author: dhiyaneshDK
|
author: dhiyaneshDK
|
||||||
severity: low
|
severity: info
|
||||||
description: Searches for sensitive directories present in the woocommerce wordpress plugin.
|
description: Searches for sensitive directories present in the woocommerce wordpress plugin.
|
||||||
reference: https://www.exploit-db.com/ghdb/6192
|
reference: https://www.exploit-db.com/ghdb/6192
|
||||||
tags: wordpress,listing
|
tags: wordpress,listing
|
||||||
|
|
|
@ -6,15 +6,15 @@ info:
|
||||||
severity: high
|
severity: high
|
||||||
description: Critical Information Disclosure on WP Courses plugin < 2.0.29 exposes private course videos and materials
|
description: Critical Information Disclosure on WP Courses plugin < 2.0.29 exposes private course videos and materials
|
||||||
tags: wordpress,plugin
|
tags: wordpress,plugin
|
||||||
|
references: |
|
||||||
# References:
|
- https://www.exploit-db.com/exploits/48910
|
||||||
# - [1] https://www.exploit-db.com/exploits/48910
|
- https://www.redtimmy.com/critical-information-disclosure-on-wp-courses-plugin-exposes-private-course-videos-and-materials/
|
||||||
# - [2] https://www.redtimmy.com/critical-information-disclosure-on-wp-courses-plugin-exposes-private-course-videos-and-materials/
|
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
path:
|
path:
|
||||||
- "{{BaseURL}}/wp-json/wp/v2/lesson/1"
|
- "{{BaseURL}}/wp-json/wp/v2/lesson/1"
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: regex
|
- type: regex
|
||||||
|
@ -23,10 +23,12 @@ requests:
|
||||||
- "\"(guid|title|content|excerpt)\":{\"rendered\":"
|
- "\"(guid|title|content|excerpt)\":{\"rendered\":"
|
||||||
condition: or
|
condition: or
|
||||||
part: body
|
part: body
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- "application/json"
|
- "application/json"
|
||||||
part: header
|
part: header
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
|
@ -3,7 +3,7 @@ id: wp-123contactform-plugin-listing
|
||||||
info:
|
info:
|
||||||
name: WordPress 123ContactForm Plugin Directory Listing
|
name: WordPress 123ContactForm Plugin Directory Listing
|
||||||
author: pussycat0x
|
author: pussycat0x
|
||||||
severity: low
|
severity: info
|
||||||
description: Searches for sensitive directories present in the wordpress-plugins plugin.
|
description: Searches for sensitive directories present in the wordpress-plugins plugin.
|
||||||
reference: |
|
reference: |
|
||||||
- https://blog.sucuri.net/2021/01/critical-vulnerabilities-in-123contactform-for-wordpress-wordpress-plugin.html
|
- https://blog.sucuri.net/2021/01/critical-vulnerabilities-in-123contactform-for-wordpress-wordpress-plugin.html
|
||||||
|
|
|
@ -2,7 +2,7 @@ id: wp-arforms-listing
|
||||||
info:
|
info:
|
||||||
name: WordPress Plugin Arforms Listing
|
name: WordPress Plugin Arforms Listing
|
||||||
author: pussycat0x
|
author: pussycat0x
|
||||||
severity: low
|
severity: info
|
||||||
description: Searches for sensitive directories present in the wordpress-plugins plugin.
|
description: Searches for sensitive directories present in the wordpress-plugins plugin.
|
||||||
reference: https://www.exploit-db.com/ghdb/6424
|
reference: https://www.exploit-db.com/ghdb/6424
|
||||||
tags: wordpress,listing
|
tags: wordpress,listing
|
||||||
|
|
|
@ -2,7 +2,7 @@ id: wp-idx-broker-platinum-listing
|
||||||
info:
|
info:
|
||||||
name: WordPress Plugin Idx Broker Platinum Listing
|
name: WordPress Plugin Idx Broker Platinum Listing
|
||||||
author: pussycat0x
|
author: pussycat0x
|
||||||
severity: low
|
severity: info
|
||||||
description: Searches for sensitive directories present in the wordpress-plugins plugin.
|
description: Searches for sensitive directories present in the wordpress-plugins plugin.
|
||||||
reference: https://www.exploit-db.com/ghdb/6416
|
reference: https://www.exploit-db.com/ghdb/6416
|
||||||
tags: wordpress,listing
|
tags: wordpress,listing
|
||||||
|
|
|
@ -3,7 +3,7 @@ id: wp-plugin-1-flashgallery-listing
|
||||||
info:
|
info:
|
||||||
name: WordPress 1 flash gallery listing
|
name: WordPress 1 flash gallery listing
|
||||||
author: pussycat0x
|
author: pussycat0x
|
||||||
severity: low
|
severity: info
|
||||||
description: Searches for sensitive directories present in the wordpress-plugins plugin.
|
description: Searches for sensitive directories present in the wordpress-plugins plugin.
|
||||||
reference: https://www.exploit-db.com/ghdb/6978
|
reference: https://www.exploit-db.com/ghdb/6978
|
||||||
tags: wordpress,listing
|
tags: wordpress,listing
|
||||||
|
|
|
@ -3,7 +3,7 @@ id: wordpress-plugins-lifterlms
|
||||||
info:
|
info:
|
||||||
name: WordPress Plugin lifterlms Listing
|
name: WordPress Plugin lifterlms Listing
|
||||||
author: pussycat0x
|
author: pussycat0x
|
||||||
severity: low
|
severity: info
|
||||||
description: Searches for sensitive directories present in the wordpress-plugins plugin.
|
description: Searches for sensitive directories present in the wordpress-plugins plugin.
|
||||||
reference: https://www.exploit-db.com/ghdb/6420
|
reference: https://www.exploit-db.com/ghdb/6420
|
||||||
tags: wordpress,listing
|
tags: wordpress,listing
|
||||||
|
|
|
@ -3,7 +3,7 @@ id: wordpress-plugins-ultimate-member
|
||||||
info:
|
info:
|
||||||
name: WordPress Plugin Ultimate Member
|
name: WordPress Plugin Ultimate Member
|
||||||
author: pussycat0x
|
author: pussycat0x
|
||||||
severity: low
|
severity: info
|
||||||
description: Searches for sensitive directories present in the wordpress-plugins plugin.
|
description: Searches for sensitive directories present in the wordpress-plugins plugin.
|
||||||
reference: https://www.exploit-db.com/ghdb/6998
|
reference: https://www.exploit-db.com/ghdb/6998
|
||||||
tags: wordpress,listing
|
tags: wordpress,listing
|
||||||
|
|
|
@ -3,7 +3,7 @@ id: wp-sfwd-lms-listing
|
||||||
info:
|
info:
|
||||||
name: WordPress Plugin Sfwd-lms Listing
|
name: WordPress Plugin Sfwd-lms Listing
|
||||||
author: pussycat0x
|
author: pussycat0x
|
||||||
severity: low
|
severity: info
|
||||||
description: Searches for sensitive directories present in the wordpress-plugins plugin.
|
description: Searches for sensitive directories present in the wordpress-plugins plugin.
|
||||||
reference: https://www.exploit-db.com/ghdb/6426
|
reference: https://www.exploit-db.com/ghdb/6426
|
||||||
tags: wordpress,listing
|
tags: wordpress,listing
|
||||||
|
|
Loading…
Reference in New Issue