nuclei-templates/vulnerabilities/wordpress/wp-config-setup.yaml

25 lines
537 B
YAML

id: wp-config-setup
info:
name: WordPress Setup Configuration
author: princechaddha
severity: high
reference:
- https://smaranchand.com.np/2020/04/misconfigured-wordpress-takeover-to-remote-code-execution/
tags: wordpress,setup
requests:
- method: GET
path:
- "{{BaseURL}}/wp-admin/setup-config.php?step=1"
matchers-condition: and
matchers:
- type: word
words:
- "Below you should enter your database connection details."
- type: status
status:
- 200