id: wordpress-accessible-wpconfig
info:
  name: WordPress accessible wp-config
  author: Kiblyn11 & zomsop82 & madrobot & geeknik & daffainfo
  severity: high
  tags: wordpress,backups

requests:
  - method: GET
    path:
      - '{{BaseURL}}/wp-config.php'
      - '{{BaseURL}}/.wp-config.php.swp'
      - '{{BaseURL}}/wp-config-sample.php'
      - '{{BaseURL}}/wp-config.inc'
      - '{{BaseURL}}/wp-config.old'
      - '{{BaseURL}}/wp-config.txt'
      - '{{BaseURL}}/wp-config.php.txt'
      - '{{BaseURL}}/wp-config.php.bak'
      - '{{BaseURL}}/wp-config.php.old'
      - '{{BaseURL}}/wp-config.php.dist'
      - '{{BaseURL}}/wp-config.php.inc'
      - '{{BaseURL}}/wp-config.php.swp'
      - '{{BaseURL}}/wp-config.php.html'
      - '{{BaseURL}}/wp-config-backup.txt'
      - '{{BaseURL}}/wp-config.php.save'
      - '{{BaseURL}}/wp-config.php~'
      - '{{BaseURL}}/wp-config.php.orig'
      - '{{BaseURL}}/wp-config.php.original'
      - '{{BaseURL}}/wp-license.php?file=../..//wp-config'
      - '{{BaseURL}}/_wpeprivate/config.json'
    matchers-condition: and
    matchers:
      - type: word
        words:
          - DB_NAME
          - WPENGINE_ACCOUNT
        part: body
      - type: status
        status:
          - 200