daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/vulnerabilities/wordpress/wordpress-accessible-wpconf...

79 lines
2.2 KiB
YAML
Raw Permalink Blame History

id: wordpress-accessible-wpconfig
info:
name: WordPress wp-config Detection
author: Kiblyn11,zomsop82,madrobot,geeknik,daffainfo,r12w4n,tess,0xpugazh,mastercho,c4sper0
severity: high
description: WordPress `wp-config` was discovered. This file is remotely accessible and its content available for reading.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cwe-id: CWE-200
metadata:
max-request: 32
tags: wordpress,backup
http:
- method: GET
path:
- "{{BaseURL}}{{paths}}"
payloads:
paths:
- "/wp-config.php"
- "/.wp-config.php.swp"
- "/wp-config-sample.php"
- "/wp-config.inc"
- "/wp-config.old"
- "/wp-config.txt"
- "/wp-config.php.txt"
- "/wp-config.php.bak"
- "/wp-config.php.BAK"
- "/wp-config.php.old"
- "/wp-config.php.OLD"
- "/wp-config.php.dist"
- "/wp-config.php.inc"
- "/wp-config.php.swp"
- "/wp-config.php.html"
- "/wp-config-backup.txt"
- "/wp-config.php.save"
- "/wp-config.php.SAVE"
- "/wp-config.php~"
- "/wp-config.php-backup"
- "/wp-config.php.orig"
- "/wp-config.php_orig"
- "/wp-config.php.original"
- "/wp-config.backup"
- "/_wpeprivate/config.json"
- "/config.php.zip"
- "/config.php.tar.gz"
- "/config.php.new"
- "/common/config.php.new"
- "/wp-config.php.bk"
- "/home/{{DN}}WORDPRESS.txt"
- "/home/{{DN}}-WORDPRESS.txt"
stop-at-first-match: true
matchers-condition: or
matchers:
- type: word
words:
- "DB_NAME"
- "DB_PASSWORD"
part: body
condition: and
- type: word
part: body
words:
- "DBNAME"
- "PASSWORD"
condition: and
- type: word
part: body
words:
- "DB_USERNAME"
- "DB_PASSWORD"
condition: and
# digest: 4b0a00483046022100ea38fec96c4e0f043618aa337cd7ce9ba941080b7ee3a2b0d6c1de6d5dd6d50f022100eeed751d4ef5c4895028895468e73e67d86353838a8ec65cccb3e98599079c68:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink