Merge pull request #371 from geraldino2/master

Add checks for public Wordpress debug.log
2020-08-30 21:28:44 +05:30 · 2020-08-30 21:28:44 +05:30 · 81836ffec1
parent 281dcb65ef 6357461ef3
commit 81836ffec1
2 changed files with 26 additions and 0 deletions
--- a/files/wordpress-debug-log.yaml
+++ b/files/wordpress-debug-log.yaml
@ -0,0 +1,24 @@
+id: wp-debug-log
+
+info:
+  name: WordPress debug log
+  author: geraldino2
+  severity: info
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/debug.log"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - octet-stream
+          - text/plain
+        part: header
+        condition: or
+
+      - type: status
+        status:
+          - 200
--- a/workflows/wordpress-workflow.yaml
+++ b/workflows/wordpress-workflow.yaml
@ -11,6 +11,7 @@ variables:
  wordpress_duplicator_path_traversal: vulnerabilities/wordpress-duplicator-path-traversal.yaml
  wordpress_wordfence_xss: vulnerabilities/wordpress-wordfence-xss.yaml
  wordpress_cve_1: cves/CVE-2019-9978.yaml
+  wordpress_debug_log: files/wordpress-debug-log.yaml

 logic: |
  wordpress_tech()
@ -23,4 +24,5 @@ logic: |
    wordpress_duplicator_path_traversal()
    wordpress_wordfence_xss()
    wordpress_cve_1()
+    wordpress_debug_log()
  }