added match key for _wpeprivate/config.json according https://twitter.com/WllGates/status/1712965022341632245

patch-1
mastercho 2024-01-08 04:42:29 +02:00
parent 92b7fa1e74
commit f99ab01416
1 changed files with 7 additions and 1 deletions

View File

@ -2,7 +2,7 @@ id: wordpress-accessible-wpconfig
info: info:
name: WordPress wp-config Detection name: WordPress wp-config Detection
author: Kiblyn11,zomsop82,madrobot,geeknik,daffainfo,r12w4n,tess,0xpugazh author: Kiblyn11,zomsop82,madrobot,geeknik,daffainfo,r12w4n,tess,0xpugazh,mastercho
severity: medium severity: medium
description: WordPress `wp-config` was discovered. This file is remotely accessible and its content available for reading. description: WordPress `wp-config` was discovered. This file is remotely accessible and its content available for reading.
classification: classification:
@ -65,4 +65,10 @@ http:
- "PASSWORD" - "PASSWORD"
condition: and condition: and
- type: word
part: body
words:
- "DB_USERNAME"
- "DB_PASSWORD"
condition: and
# digest: 4b0a00483046022100f88f704a2270d5d54e06c42cfc035f9104301d9940f38771a55b0e4953384865022100e7453447cdf3813db80dc184271aa25b98a984fba38ddd9d7d4da1dd49575379:922c64590222798bb761d5b6d8e72950 # digest: 4b0a00483046022100f88f704a2270d5d54e06c42cfc035f9104301d9940f38771a55b0e4953384865022100e7453447cdf3813db80dc184271aa25b98a984fba38ddd9d7d4da1dd49575379:922c64590222798bb761d5b6d8e72950