Update and rename wp-haberadam-theme-idor.yaml to wp-haberadam-idor.yaml

2021-11-24 12:09:22 +04:00 · 2021-11-24 12:09:22 +04:00 · 85d79fd597
parent b7701dc7b3
commit 85d79fd597
1 changed files with 18 additions and 10 deletions
--- a/vulnerabilities/wordpress/wp-haberadam-theme-idor.yaml
+++ b/vulnerabilities/wordpress/wp-haberadam-theme-idor.yaml
@ -1,29 +1,37 @@
-id: wp-Haberadam-theme-idor
+id: wp-haberadam-idor

 info:
  name: WordPress Themes Haberadam IDOR and Full Path Disclosure via JSON API
  author: pussycat0x
-  severity: high
+  severity: low
+  reference: https://cxsecurity.com/issue/WLB-2021090078
  metadata:
    google-dork: inurl:/wp-content/themes/haberadam/
-  reference:
-    - https://cxsecurity.com/issue/WLB-2021090078
-  tags: wordpress,idor
+  tags: wordpress,idor,wp-theme
+
 requests:
  - method: GET
    path:
      - '{{BaseURL}}/wp-content/themes/haberadam/api/mobile-info.php?id='
      - '{{BaseURL}}/blog/wp-content/themes/haberadam/api/mobile-info.php?id='
+
+    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
-        words:
-          - "status"
-          - "hava"
-          - "degree"
-          - "icon"
        part: body
+        words:
+          - '"status"'
+          - '"hava"'
+          - '"degree"'
+          - '"icon"'
        condition: and
+
      - type: status
        status:
          - 200
+
+      - type: word
+        part: header
+        words:
+          - text/html