From 85d79fd59749b944adc6b2fff4e4afba27d6f786 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Wed, 24 Nov 2021 12:09:22 +0400 Subject: [PATCH] Update and rename wp-haberadam-theme-idor.yaml to wp-haberadam-idor.yaml --- ...theme-idor.yaml => wp-haberadam-idor.yaml} | 28 ++++++++++++------- 1 file changed, 18 insertions(+), 10 deletions(-) rename vulnerabilities/wordpress/{wp-haberadam-theme-idor.yaml => wp-haberadam-idor.yaml} (59%) diff --git a/vulnerabilities/wordpress/wp-haberadam-theme-idor.yaml b/vulnerabilities/wordpress/wp-haberadam-idor.yaml similarity index 59% rename from vulnerabilities/wordpress/wp-haberadam-theme-idor.yaml rename to vulnerabilities/wordpress/wp-haberadam-idor.yaml index ff07555d76..bc276717b0 100644 --- a/vulnerabilities/wordpress/wp-haberadam-theme-idor.yaml +++ b/vulnerabilities/wordpress/wp-haberadam-idor.yaml @@ -1,29 +1,37 @@ -id: wp-Haberadam-theme-idor +id: wp-haberadam-idor info: name: WordPress Themes Haberadam IDOR and Full Path Disclosure via JSON API author: pussycat0x - severity: high + severity: low + reference: https://cxsecurity.com/issue/WLB-2021090078 metadata: google-dork: inurl:/wp-content/themes/haberadam/ - reference: - - https://cxsecurity.com/issue/WLB-2021090078 - tags: wordpress,idor + tags: wordpress,idor,wp-theme + requests: - method: GET path: - '{{BaseURL}}/wp-content/themes/haberadam/api/mobile-info.php?id=' - '{{BaseURL}}/blog/wp-content/themes/haberadam/api/mobile-info.php?id=' + + stop-at-first-match: true matchers-condition: and matchers: - type: word - words: - - "status" - - "hava" - - "degree" - - "icon" part: body + words: + - '"status"' + - '"hava"' + - '"degree"' + - '"icon"' condition: and + - type: status status: - 200 + + - type: word + part: header + words: + - text/html