nuclei-templates/http/vulnerabilities/wordpress/wordpress-emergency-script....

34 lines
916 B
YAML

id: wordpress-emergency-script
info:
name: WordPress Emergency Script
author: dwisiswant0
severity: info
description: Exposed wordpress password reset emergency script.
reference:
- https://wordpress.org/support/article/resetting-your-password/#using-the-emergency-password-reset-script
metadata:
max-request: 1
tags: wordpress
http:
- method: GET
path:
- "{{BaseURL}}/emergency.php"
matchers-condition: and
matchers:
- type: word
words:
- "Your use of this script is at your sole risk"
- "WordPress Administrator"
- "Update Options"
condition: and
part: body
- type: status
status:
- 200
# digest: 4b0a00483046022100823548ff856b338033f95061322ef1e6f3dca61c73c2c268b9d0fda60a190f5e022100b4e66e5dbb5334c8504b13fc514a3683072ac9f75b8a9374b6a5840b63fef336:922c64590222798bb761d5b6d8e72950