42 lines
1.3 KiB
YAML
42 lines
1.3 KiB
YAML
id: wp-haberadam-idor
|
|
|
|
info:
|
|
name: WordPress Themes Haberadam JSON API - IDOR and Path Disclosure
|
|
author: pussycat0x
|
|
severity: low
|
|
description: This template is designed to detect a misconfiguration vulnerability in WordPress themes that use the Haberadam JSON API. This vulnerability can lead to an Insecure Direct Object Reference (IDOR) and path disclosure, potentially exposing sensitive information.
|
|
reference:
|
|
- https://cxsecurity.com/issue/WLB-2021090078
|
|
metadata:
|
|
max-request: 2
|
|
google-query: inurl:/wp-content/themes/haberadam/
|
|
tags: wordpress,idor,wp-theme,disclosure
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- '{{BaseURL}}/wp-content/themes/haberadam/api/mobile-info.php?id='
|
|
- '{{BaseURL}}/blog/wp-content/themes/haberadam/api/mobile-info.php?id='
|
|
|
|
stop-at-first-match: true
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- '"status"'
|
|
- '"hava"'
|
|
- '"degree"'
|
|
- '"icon"'
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- text/html
|
|
# digest: 490a0046304402204c2fdfb7a119ce5ade955933b305c1f9490d212c3eab329a59b57cdf734de23f02203fc353fbc570fac572007d69cc3c6f0e65ebbc7663f8e01842e3b53108d4c247:922c64590222798bb761d5b6d8e72950 |