id: wordpress-git-config info: name: Wordpress Git Config author: nerrorsec severity: info description: Searches for the pattern /.git/config inside themes and plugins folder. reference: - https://hackerone.com/reports/248693 metadata: max-request: 2 tags: hackerone,config,git,exposure,wordpress,wp-plugin,wp-theme http: - method: GET path: - "{{BaseURL}}/wp-content/plugins/.git/config" - "{{BaseURL}}/wp-content/themes/.git/config" matchers-condition: and matchers: - type: word words: - "[core]" - type: dsl dsl: - "!contains(tolower(body), '