id: wpconfig-aws-keys

info:
  name: AWS S3 keys Leak
  author: r12w4n
  severity: high
  description: AWS S3 keys are exposed.
  metadata:
    max-request: 2
  tags: aws,s3,wordpress,disclosure,exposure

http:
  - method: GET
    path:
      - '{{BaseURL}}/wp-config.php-backup'
      - "{{BaseURL}}/%c0"

    matchers:
      - type: word
        words:
          - 'access-key-id'
          - 'secret-access-key'
          - 'DB_NAME'
          - 'DB_PASSWORD'
        condition: and
        part: body
# digest: 4a0a00473045022100d4dec0861fd92d1f5e06459a7e0655d7d2b0db44988b7c87ee1bd87a0a34caf302202920734592b3a2a3d1e03e0ab7b539aab4ac9b8c922b3c45f46449b605c3d950:922c64590222798bb761d5b6d8e72950