From ff4811e085adab65e30108fe33fb1ed18f1d63e1 Mon Sep 17 00:00:00 2001
From: Prince Chaddha <prince@projectdiscovery.io>
Date: Tue, 21 Sep 2021 15:21:16 +0530
Subject: [PATCH] Create wordpress-git-config.yaml

---
 .../wordpress/wordpress-git-config.yaml       | 31 +++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 vulnerabilities/wordpress/wordpress-git-config.yaml

diff --git a/vulnerabilities/wordpress/wordpress-git-config.yaml b/vulnerabilities/wordpress/wordpress-git-config.yaml
new file mode 100644
index 0000000000..623ab5f4aa
--- /dev/null
+++ b/vulnerabilities/wordpress/wordpress-git-config.yaml
@@ -0,0 +1,31 @@
+id: wordpress-git-config
+
+info:
+  name: Wordpress Git Config
+  author: nerrorsec
+  severity: info
+  description: Searches for the pattern /.git/config inside themes and plugins folder.
+  reference: https://hackerone.com/reports/248693
+  tags: config,git,exposure,wordpress,wp-plugin,wp-theme
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/.git/config"
+      - "{{BaseURL}}/wp-content/themes/.git/config"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "[core]"
+
+      - type: dsl
+        dsl:
+          - "!contains(tolower(body), '<html')"
+          - "!contains(tolower(body), '<body')"
+        condition: and
+
+      - type: status
+        status:
+          - 200