nuclei-templates/vulnerabilities/wordpress/wp-mailchimp-log-exposure.yaml

28 lines
598 B
YAML

id: wp-mailchimp-log-exposure
info:
name: WordPress Mailchimp 4 Debug Log Exposure
author: aashiq
severity: medium
description: Searches for Mailchimp log exposure by attempting to query the debug log endpoint on wp-content
tags: logs,wordpress,exposure
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/uploads/mc4wp-debug.log"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "WARNING: Form"
- type: word
words:
- 'text/plain'
part: header