id: wordpress-git-config info: name: Wordpress Git Config author: nerrorsec severity: info description: Searches for the pattern /.git/config inside themes and plugins folder. reference: - https://hackerone.com/reports/248693 tags: config,git,exposure,wordpress,wp-plugin,wp-theme requests: - method: GET path: - "{{BaseURL}}/wp-content/plugins/.git/config" - "{{BaseURL}}/wp-content/themes/.git/config" matchers-condition: and matchers: - type: word words: - "[core]" - type: dsl dsl: - "!contains(tolower(body), '