Update wordpress-wp-cron.yaml

2022-03-24 16:20:45 +05:30 · 2022-03-24 16:20:45 +05:30 · ad8b1a77c3
parent b494dd3f94
commit ad8b1a77c3
1 changed files with 16 additions and 10 deletions
--- a/vulnerabilities/wordpress/wordpress-wp-cron.yaml
+++ b/vulnerabilities/wordpress/wordpress-wp-cron.yaml
@ -8,24 +8,30 @@ info:
  reference:
    - https://book.hacktricks.xyz/pentesting/pentesting-web/wordpress
    - https://medium.com/@thecpanelguy/the-nightmare-that-is-wpcron-php-ae31c1d3ae30
-  tags: wordpress,cron,wp,dos
+  tags: wordpress,cron,wp,dosd

 requests:
  - method: GET
    path:
+      - "{{BaseURL}}"
      - "{{BaseURL}}/wp-cron.php"

+    req-condition: true
    matchers-condition: and
    matchers:
-      - type: word
-        part: header
-        words:
-          - "text/html"
-
-      - type: status
-        status:
-          - 200
-
      - type: dsl
        dsl:
          - "len(body) == 0"
+          - "status_code_2 == 200"
+          - "contains(body_2, 'text/html')"
+
+      - type: dsl
+        dsl:
+          - (regex("<link[^>]+s\d+\.wp\.com",body_1))
+          - (regex("<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -",body_1))
+          - (regex("<!--[^>]+WP-Super-Cache",body_1))
+          - contains(body_1, "/wp-content/themes/")
+          - contains(body_1, "/wp-includes/")
+          - contains(body_1, 'name=\"generator\" content=\"wordpress')
+          - contains(body_1, '<!-- performance optimized by w3 total cache.')
+        condition: or